Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1310944 - Implement deterministic PRNG for fuzzing mode r=franziskus
Differential Revision: https://nss-dev.phacility.com/D98
- Loading branch information
Tim Taubert
committed
Oct 25, 2016
1 parent
568053d
commit 900c5a5
Showing
13 changed files
with
235 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ | ||
/* vim: set ts=2 et sw=2 tw=80: */ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include <memory> | ||
#include "blapi.h" | ||
#include "pk11pub.h" | ||
|
||
#include "gtest/gtest.h" | ||
|
||
namespace nss_test { | ||
|
||
class PK11PrngTest : public ::testing::Test {}; | ||
|
||
#ifdef UNSAFE_FUZZER_MODE | ||
|
||
// Test that two consecutive calls to the RNG return two distinct values. | ||
TEST_F(PK11PrngTest, Fuzz_DetPRNG) { | ||
std::vector<uint8_t> rnd1(2048, 0); | ||
std::vector<uint8_t> rnd2(2048, 0); | ||
|
||
SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size()); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size()); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
EXPECT_NE(rnd1, rnd2); | ||
} | ||
|
||
// Test that two consecutive calls to the RNG return two equal values | ||
// when the RNG's internal state is reset before each call. | ||
TEST_F(PK11PrngTest, Fuzz_DetPRNG_Reset) { | ||
std::vector<uint8_t> rnd1(2048, 0); | ||
std::vector<uint8_t> rnd2(2048, 0); | ||
|
||
RNG_ResetForFuzzing(); | ||
|
||
SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size()); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
RNG_ResetForFuzzing(); | ||
|
||
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size()); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
EXPECT_EQ(rnd1, rnd2); | ||
} | ||
|
||
// Test that the RNG's internal state progresses in a consistent manner. | ||
TEST_F(PK11PrngTest, Fuzz_DetPRNG_StatefulReset) { | ||
std::vector<uint8_t> rnd1(2048, 0); | ||
std::vector<uint8_t> rnd2(2048, 0); | ||
|
||
RNG_ResetForFuzzing(); | ||
|
||
SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size() - 1024); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
rv = PK11_GenerateRandom(rnd1.data() + 1024, rnd1.size() - 1024); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
RNG_ResetForFuzzing(); | ||
|
||
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size() - 1024); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
rv = PK11_GenerateRandom(rnd2.data() + 1024, rnd2.size() - 1024); | ||
EXPECT_EQ(rv, SECSuccess); | ||
|
||
EXPECT_EQ(rnd1, rnd2); | ||
} | ||
|
||
#endif | ||
|
||
} // namespace nss_test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
|
||
############################################## | ||
## ## | ||
## WARNING: You're building with -Dfuzz=1 ## | ||
## ## | ||
## This means: ## | ||
## ## | ||
## * Your PRNG is DETERMINISTIC. ## | ||
## * TLS transcripts are PLAINTEXT. ## | ||
## * TLS signature checks are DISABLED. ## | ||
## ## | ||
## Thank you for fuzzing! ## | ||
## ## | ||
############################################## | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this | ||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "blapi.h" | ||
#include "blapit.h" | ||
#include "chacha20.h" | ||
#include "nssilock.h" | ||
#include "seccomon.h" | ||
#include "secerr.h" | ||
|
||
static unsigned long globalNumCalls = 0; | ||
|
||
SECStatus | ||
prng_ResetForFuzzing(PZLock *rng_lock) | ||
{ | ||
/* Check for a valid RNG lock. */ | ||
PORT_Assert(rng_lock != NULL); | ||
if (rng_lock == NULL) { | ||
PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
return SECFailure; | ||
} | ||
|
||
/* --- LOCKED --- */ | ||
PZ_Lock(rng_lock); | ||
globalNumCalls = 0; | ||
PZ_Unlock(rng_lock); | ||
/* --- UNLOCKED --- */ | ||
|
||
return SECSuccess; | ||
} | ||
|
||
SECStatus | ||
prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest, size_t len) | ||
{ | ||
static const uint8_t key[32]; | ||
uint8_t nonce[12] = { 0 }; | ||
|
||
/* Check for a valid RNG lock. */ | ||
PORT_Assert(rng_lock != NULL); | ||
if (rng_lock == NULL) { | ||
PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
return SECFailure; | ||
} | ||
|
||
/* --- LOCKED --- */ | ||
PZ_Lock(rng_lock); | ||
|
||
memcpy(nonce, &globalNumCalls, sizeof(globalNumCalls)); | ||
globalNumCalls++; | ||
|
||
ChaCha20Poly1305Context *cx = | ||
ChaCha20Poly1305_CreateContext(key, sizeof(key), 16); | ||
if (!cx) { | ||
PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
PZ_Unlock(rng_lock); | ||
return SECFailure; | ||
} | ||
|
||
memset(dest, 0, len); | ||
ChaCha20XOR(dest, dest, len, key, nonce, 0); | ||
ChaCha20Poly1305_DestroyContext(cx, PR_TRUE); | ||
|
||
PZ_Unlock(rng_lock); | ||
/* --- UNLOCKED --- */ | ||
return SECSuccess; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this | ||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#ifndef __det_rng_h_ | ||
#define __det_rng_h_ | ||
|
||
SECStatus prng_ResetForFuzzing(PZLock *rng_lock); | ||
SECStatus prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest, | ||
size_t len); | ||
|
||
#endif /* __det_rng_h_ */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters