diff options
Diffstat (limited to 'comm/third_party/botan/src/fuzzer/pow_mod.cpp')
-rw-r--r-- | comm/third_party/botan/src/fuzzer/pow_mod.cpp | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/fuzzer/pow_mod.cpp b/comm/third_party/botan/src/fuzzer/pow_mod.cpp new file mode 100644 index 0000000000..28350480cb --- /dev/null +++ b/comm/third_party/botan/src/fuzzer/pow_mod.cpp @@ -0,0 +1,72 @@ +/* +* (C) 2016,2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "fuzzers.h" +#include <botan/numthry.h> +#include <botan/reducer.h> + +namespace { + +Botan::BigInt simple_power_mod(Botan::BigInt x, + Botan::BigInt n, + const Botan::BigInt& p) + { + if(n == 0) + { + if(p == 1) + return 0; + return 1; + } + + Botan::Modular_Reducer mod_p(p); + Botan::BigInt y = 1; + + while(n > 1) + { + if(n.is_odd()) + { + y = mod_p.multiply(x, y); + } + x = mod_p.square(x); + n >>= 1; + } + return mod_p.multiply(x, y); + } + +} + +void fuzz(const uint8_t in[], size_t len) + { + static const size_t max_bits = 2048; + + if(len % 3 != 0) + return; + + const size_t part_size = len / 3; + + if(part_size * 8 > max_bits) + return; + + const Botan::BigInt g = Botan::BigInt::decode(in, part_size); + const Botan::BigInt x = Botan::BigInt::decode(in + part_size, part_size); + const Botan::BigInt p = Botan::BigInt::decode(in + 2*part_size, part_size); + + try + { + const Botan::BigInt ref = simple_power_mod(g, x, p); + const Botan::BigInt z = Botan::power_mod(g, x, p); + + if(ref != z) + { + FUZZER_WRITE_AND_CRASH("G = " << g << "\n" + << "X = " << x << "\n" + << "P = " << p << "\n" + << "Z = " << z << "\n" + << "R = " << ref << "\n"); + } + } + catch(Botan::Exception& e) {} + } |