Complete the code part of the fuzzer test

Author: joii2020

c/ref/sign.c

@@ -274,7 +274,6 @@ int crypto_sign_verify(crypto_context *cctx, const uint8_t *sig, size_t siglen,
 
   /* Check if the root node equals the root node in the public key. */
   if (memcmp(root, pub_root, SPX_N)) {
-    printf("R2\n");
     return -1;
   }
 

tests/sphincsplus/fuzzer/Makefile

@@ -4,12 +4,12 @@ CC=clang
 LLVM_PROFDATA=llvm-profdata
 LLVM_COV=llvm-cov
 
-PARAMS = sphincs-shake-256f
-THASH = robust
+NPROC?=30
 
 SOURCES_DIR = ref
 
 SOURCES = \
+	../../../c/$(SOURCES_DIR)/params.c \
 	../../../c/$(SOURCES_DIR)/address.c \
 	../../../c/$(SOURCES_DIR)/merkle.c \
 	../../../c/$(SOURCES_DIR)/wots.c \
@@ -36,35 +36,37 @@ HEADERS = \
 	../../../c/$(SOURCES_DIR)/randombytes.h \
 	../../../c/ckb-sphincsplus.h
 
-ifneq (,$(findstring shake,$(PARAMS)))
-	SOURCES += \
-		../../../c/$(SOURCES_DIR)/fips202.c \
-		../../../c/$(SOURCES_DIR)/hash_shake.c \
-		../../../c/$(SOURCES_DIR)/thash_shake_$(THASH).c
-	HEADERS += \
-		../../../c/$(SOURCES_DIR)/fips202.h
-endif
-ifneq (,$(findstring haraka,$(PARAMS)))
-	SOURCES += \
-		../../../c/$(SOURCES_DIR)/haraka.c \
-		../../../c/$(SOURCES_DIR)/hash_haraka.c \
-		../../../c/$(SOURCES_DIR)/thash_haraka_$(THASH).c
-	HEADERS += \
-		../../../c/$(SOURCES_DIR)/haraka.h
-endif
-ifneq (,$(findstring sha2,$(PARAMS)))
-	SOURCES += \
-		../../../c/$(SOURCES_DIR)/sha2.c \
-		../../../c/$(SOURCES_DIR)/hash_sha2.c \
-		../../../c/$(SOURCES_DIR)/thash_sha2_$(THASH).c
-	HEADERS += \
-		../../../c/$(SOURCES_DIR)/sha2.h
-endif
+# shake
+SOURCES += \
+	../../../c/$(SOURCES_DIR)/fips202.c \
+	../../../c/$(SOURCES_DIR)/hash_shake.c \
+	../../../c/$(SOURCES_DIR)/thash_shake_robust.c\
+	../../../c/$(SOURCES_DIR)/thash_shake_simple.c
+HEADERS += \
+	../../../c/$(SOURCES_DIR)/fips202.h
+
+# sha2
+SOURCES += \
+	../../../c/$(SOURCES_DIR)/sha2.c \
+	../../../c/$(SOURCES_DIR)/hash_sha2.c \
+	../../../c/$(SOURCES_DIR)/thash_sha2_robust.c \
+	../../../c/$(SOURCES_DIR)/thash_sha2_simple.c
+HEADERS += \
+	../../../c/$(SOURCES_DIR)/sha2.h
 
-FUZZER_FLAGS=-g -O1 -fsanitize=fuzzer,address,undefined -fsanitize-recover=address -DPARAMS=$(PARAMS)
+# haraka
+SOURCES += \
+	../../../c/$(SOURCES_DIR)/haraka.c \
+	../../../c/$(SOURCES_DIR)/hash_haraka.c \
+	../../../c/$(SOURCES_DIR)/thash_haraka_robust.c \
+	../../../c/$(SOURCES_DIR)/thash_haraka_simple.c
+HEADERS += \
+	../../../c/$(SOURCES_DIR)/haraka.h
+
+FUZZER_FLAGS=-g -O1 -fsanitize=fuzzer,address,undefined -fsanitize-recover=address
 FUZZER_FLAGS := $(FUZZER_FLAGS) -I ../../../c -I ../../../c/ref
 
-COVERAGE_FLAGS=-fprofile-instr-generate -fcoverage-mapping -DPARAMS=$(PARAMS)
+COVERAGE_FLAGS=-fprofile-instr-generate -fcoverage-mapping
 COVERAGE_FLAGS := $(COVERAGE_FLAGS) -I ../../../c -I ../../../c/ref
 
 ifeq ($(OS),MacOS)
@@ -80,5 +82,13 @@ build/fuzzer: sphincs_plus_fuzzer.c $(SOURCES) $(HEADERS)
 build/cover: sphincs_plus_cover.c sphincs_plus_fuzzer.c $(SOURCES) $(HEADERS)
 	$(CC) $(COVERAGE_FLAGS) -o $@ $(SOURCES) $< sphincs_plus_fuzzer.c
 
+start-fuzzer: build/fuzzer
+	mkdir -p build/corpus
+	cd build && ./fuzzer -max_len=8000000 -jobs=$(NPROC) corpus
+
 clean:
-	rm -rf build/*
+	rm -rf build/*
+
+clean-fuzzer:
+	rm -rf build/corpus
+	rm -rf build/fuzz-*.log

tests/sphincsplus/fuzzer/run.sh

@@ -14,4 +14,5 @@ else
 fi
 
 cd build
-./fuzzer
+mkdir -p corpus
+./fuzzer -max_len=80000 -workers=2 -jobs=2 corpus

tests/sphincsplus/fuzzer/sphincs_plus_fuzzer.c

@@ -4,56 +4,60 @@
 
 #include "ckb-sphincsplus.h"
 
-typedef enum {
-  SphincsFuzz_Success = 0,
-  SphincsFuzz_Init,
-} SphincsFuzzError;
-
 size_t fill_buf(uint8_t *buf, size_t buf_size, uint8_t *data, size_t size) {
   if (size == 0) {
     memset(buf, 0, buf_size);
+    return 0;
   } else if (size >= buf_size) {
     memcpy(buf, data, buf_size);
+    return buf_size;
   } else {
     memcpy(buf, data, size);
     buf += size;
     memset(buf, 0, buf_size - size);
+    return size;
   }
 }
 
 int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
   uint32_t hash_type = 0;
   if (size > 0) {
-    hash_type = data[0];
+    hash_type = data[0] % 37;
   }
   data += 1;
   size -= 1;
 
-  int err = sphincs_plus_init(hash_type);
+  crypto_context cctx = {0};
+  int err = sphincs_plus_init_context(hash_type, &cctx);
   if (err != 0) {
-    return SphincsFuzz_Success;
+    return 0;
   }
 
   uint8_t message[SPX_MLEN];
-  uint8_t pubkey[sphincs_plus_get_pk_size()];
-  uint8_t sign[sphincs_plus_get_sign_size()];
+
+  uint32_t pubkey_size = sphincs_plus_get_pk_size(&cctx);
+  uint8_t pubkey[pubkey_size];
+
+  uint32_t sign_size = sphincs_plus_get_sign_size(&cctx);
+  uint8_t sign[sign_size];
 
   size_t offset = fill_buf(message, SPX_MLEN, data, size);
   data += offset;
   size -= offset;
 
-  offset = fill_buf(pubkey, sphincs_plus_get_pk_size(), data, size);
+  offset = fill_buf(pubkey, pubkey_size, data, size);
   data += offset;
   size -= offset;
 
-  offset = fill_buf(sign, sphincs_plus_get_sign_size(), data, size);
+  offset = fill_buf(sign, sign_size, data, size);
   data += offset;
   size -= offset;
 
-  err = sphincs_plus_verify(sign, message, pubkey);
-  if (err == 0) {
-    return SphincsFuzz_Success;
+  err = sphincs_plus_verify(&cctx, sign, sign_size, message, SPX_MLEN, pubkey,
+                            pubkey_size);
+  if (err != 0) {
+    return 0;
   };
 
-  return SphincsFuzz_Success;
+  return 0;
 }