Merge pull request #442 from mirkobitetto/dev

feat: add fuzzing harness and infrastructure;

Author: jlucas9

.gitignore

@@ -12,6 +12,7 @@ __pycache__
 *.dat
 *.so
 build/
+build-*/
 venv
 vgcore*
 core.*
@@ -23,6 +24,8 @@ DartConfiguration.tcl
 sa_save_file.bin
 bin/*
 CMakeFiles/*
+fuzz/corpus/
+fuzz/output/
 src/cmake_install.cmake
 src/CTestTestfile.cmake
 src/CMakeFiles/*

CMakeLists.txt

@@ -41,6 +41,7 @@ option(CRYPTO_WOLFSSL "Cryptography Module - WolfSSL" OFF)
 option(CRYPTO_CUSTOM "Cryptography Module - CUSTOM" OFF)
 option(CRYPTO_CUSTOM_PATH "Cryptography Module - CUSTOM PATH" OFF)
 option(DEBUG "Debug" OFF)
+option(ENABLE_FUZZING "Enable fuzz testing" OFF)
 option(KEY_CUSTOM "Key Module - Custom" OFF)
 option(KEY_CUSTOM_PATH "Custom Key Path" OFF)
 option(KEY_INTERNAL "Key Module - Internal" OFF)
@@ -191,7 +192,13 @@ endif()
 #
 # Project Specifics
 #
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Werror -g -O0")
+if(ENABLE_FUZZING) 
+    # More permissive flags for fuzzing (afl compiler fails with -Werror for self-assign warnings)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wno-self-assign -g -O0")
+else()
+    # Stricter flags for normal builds (treat warnings as errors)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Werror -g -O0")
+endif()
 
 include_directories(include)
 add_subdirectory(src)
@@ -203,3 +210,7 @@ endif()
 if(TEST)
     add_subdirectory(test)
 endif()
+
+if(ENABLE_FUZZING)
+    add_subdirectory(fuzz)
+endif()

fuzz/CMakeLists.txt

@@ -0,0 +1,22 @@
+# Include necessary directories
+include_directories(include)
+include_directories(../include)
+include_directories(../test/include)
+
+# Create shared utils library from test code
+add_library(shared_utils STATIC ../test/core/shared_util.c)
+
+# Build the fuzzing harness
+add_executable(fuzz_harness src/fuzz_harness.c)
+target_link_libraries(fuzz_harness LINK_PUBLIC shared_utils crypto pthread)
+
+# Add fuzzing-specific compiler flags
+target_compile_options(fuzz_harness PRIVATE -fsanitize=fuzzer -g)
+target_link_options(fuzz_harness PRIVATE -fsanitize=fuzzer)
+
+# Copy the executable to bin directory
+add_custom_command(TARGET fuzz_harness POST_BUILD
+        COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:fuzz_harness> ${PROJECT_BINARY_DIR}/bin/fuzz_harness
+        COMMAND ${CMAKE_COMMAND} -E remove $<TARGET_FILE:fuzz_harness>
+        COMMENT "Created ${PROJECT_BINARY_DIR}/bin/fuzz_harness"
+        )

fuzz/generate_corpus.py

@@ -0,0 +1,144 @@
+#!/usr/bin/env python3
+
+import os
+import random
+import struct
+import argparse
+from pathlib import Path
+
+
+def ensure_dir(directory):
+    """Create directory if it doesn't exist"""
+    Path(directory).mkdir(parents=True, exist_ok=True)
+
+
+def generate_random_bytes(min_size, max_size):
+    """Generate random bytes of size between min_size and max_size"""
+    size = random.randint(min_size, max_size)
+    return bytes(random.randint(0, 255) for _ in range(size))
+
+
+def generate_tc_frame(random_content=True):
+    """Generate a TC frame with valid-looking header"""
+    if random_content:
+        frame_size = random.randint(10, 200)
+        frame = bytearray(generate_random_bytes(frame_size, frame_size))
+    else:
+        frame_size = 10
+        frame = bytearray(frame_size)
+
+    # Set basic TC frame header fields
+    frame[0] = 0x20  # Version 1, Type TC
+    frame[1] = 0x03  # SCID
+    frame[2] = 0x00  # VCID
+    frame[3] = (frame_size - 5) & 0xFF  # Frame length
+
+    return frame
+
+
+def generate_tm_frame(random_content=True):
+    """Generate a TM frame with valid-looking header"""
+    if random_content:
+        frame_size = random.randint(12, 200)
+        frame = bytearray(generate_random_bytes(frame_size, frame_size))
+    else:
+        frame_size = 12
+        frame = bytearray(frame_size)
+
+    # Set basic TM frame header fields
+    frame[0] = 0x08  # Version 1, TM
+    frame[1] = 0x03  # SCID
+    frame[2] = 0x00  # VCID
+
+    return frame
+
+
+def generate_aos_frame(random_content=True):
+    """Generate an AOS frame with valid-looking header"""
+    if random_content:
+        frame_size = random.randint(14, 200)
+        frame = bytearray(generate_random_bytes(frame_size, frame_size))
+    else:
+        frame_size = 14
+        frame = bytearray(frame_size)
+
+    # Set basic AOS frame header fields
+    frame[0] = 0x10  # Version 1, AOS
+    frame[1] = 0x03  # SCID
+    frame[2] = 0x00  # VCID
+
+    return frame
+
+
+def generate_corpus(output_dir, num_samples_per_selector=5):
+    """Generate corpus files for each selector value"""
+    ensure_dir(output_dir)
+
+    # Generate samples for each selector (0-6)
+    for selector in range(7):
+        for i in range(num_samples_per_selector):
+            # File naming: selector_type_variant.bin
+            if selector in [0, 1]:  # TC frame operations
+                frame = generate_tc_frame(random_content=(i != 0))
+                file_name = f"{selector:02d}_tc_{i:02d}.bin"
+            elif selector in [2, 5]:  # TM frame operations
+                frame = generate_tm_frame(random_content=(i != 0))
+                file_name = f"{selector:02d}_tm_{i:02d}.bin"
+            elif selector in [3, 4]:  # AOS frame operations
+                frame = generate_aos_frame(random_content=(i != 0))
+                file_name = f"{selector:02d}_aos_{i:02d}.bin"
+            else:  # selector == 6, TC frame for FECF check
+                frame = generate_tc_frame(random_content=(i != 0))
+                file_name = f"{selector:02d}_tc_fecf_{i:02d}.bin"
+
+            # Add the selector byte at the beginning
+            output = bytearray([selector]) + frame
+
+            # Write to file
+            with open(os.path.join(output_dir, file_name), "wb") as f:
+                f.write(output)
+
+    # Generate some edge cases
+    edge_cases = [
+        # Minimal valid input (just selector)
+        (0, bytearray([0])),
+        (1, bytearray([1])),
+        (2, bytearray([2])),
+        (3, bytearray([3])),
+        (4, bytearray([4])),
+        (5, bytearray([5])),
+        (6, bytearray([6])),
+
+        # Very large inputs
+        (0, bytearray([0]) + generate_random_bytes(2000, 2000)),
+        (3, bytearray([3]) + generate_random_bytes(2000, 2000)),
+
+        # Interesting byte patterns
+        (0, bytearray([0]) + bytes([0xFF] * 50)),
+        (1, bytearray([1]) + bytes([0x00] * 50)),
+        (2, bytearray([2]) + bytes([i % 256 for i in range(100)])),
+        (5, bytearray([5]) + bytes([0xAA, 0x55] * 25))  # Alternating bits
+    ]
+
+    for idx, (selector, data) in enumerate(edge_cases):
+        file_name = f"edge_{idx:02d}_sel{selector}.bin"
+        with open(os.path.join(output_dir, file_name), "wb") as f:
+            f.write(data)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description='Generate corpus for CryptoLib fuzzer')
+    parser.add_argument('--output', '-o', default='corpus',
+                        help='Output directory for corpus files')
+    parser.add_argument('--samples', '-n', type=int, default=5,
+                        help='Number of samples per selector')
+    args = parser.parse_args()
+
+    print(f"Generating corpus in directory: {args.output}")
+    generate_corpus(args.output, args.samples)
+    print(f"Generated {7 * args.samples + 11} corpus files")
+
+
+if __name__ == "__main__":
+    main()

fuzz/scripts/build-fuzz.sh

@@ -0,0 +1,155 @@
+#!/bin/bash
+
+# === Configuration Options ===
+# Set to 1 to enable aggressive optimizations (requires CPU with AVX2/FMA support)
+# Set to 0 for more compatible builds
+ENABLE_OPTIMIZATIONS=1
+
+# Navigate to project root directory
+PROJECT_ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
+cd "$PROJECT_ROOT"
+echo "🏠 Working from project root: $PROJECT_ROOT"
+
+
+# === Check for AFL++ and select best compiler ===
+echo "🔍 Checking for AFL++ compilers..."
+
+if command -v afl-clang-lto &> /dev/null; then
+    echo "✅ Found afl-clang-lto (recommended LTO mode)"
+    CC=afl-clang-lto
+    CXX=afl-clang-lto++
+elif command -v afl-clang-fast &> /dev/null; then
+    echo "✅ Found afl-clang-fast (LLVM mode)"
+    CC=afl-clang-fast
+    CXX=afl-clang-fast++
+elif command -v afl-gcc-fast &> /dev/null; then
+    echo "✅ Found afl-gcc-fast (GCC plugin mode)"
+    CC=afl-gcc-fast
+    CXX=afl-g++-fast
+elif command -v afl-gcc &> /dev/null; then
+    echo "✅ Found afl-gcc (basic AFL instrumentation)"
+    CC=afl-gcc
+    CXX=afl-g++
+else
+    echo "❌ ERROR: No AFL++ compilers found. Please install AFL++ first:"
+    echo "    git clone https://github.com/AFLplusplus/AFLplusplus"
+    echo "    cd AFLplusplus && make && sudo make install"
+    echo "See: https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/INSTALL.md"
+    exit 1
+fi
+
+# Export the selected compiler
+export CC=$CC
+export CXX=$CXX
+
+# Number of CPU cores for parallel compilation
+CORES=$(nproc)
+
+# Set optimization flags based on configuration
+if [ $ENABLE_OPTIMIZATIONS -eq 1 ]; then
+    echo "⚠️  Using aggressive optimizations (requires CPU with AVX2/FMA support)"
+    OPT_FLAGS="-O3 -march=native -mtune=native -flto -funroll-loops -ffast-math -mavx2 -mfma"
+else
+    echo "ℹ️  Using standard optimization level (compatible with most CPUs)"
+    OPT_FLAGS="-O2"
+fi
+
+# === Compile without ASan ===
+echo "🔨 Compiling CryptoLib without ASan..."
+rm -rf build
+mkdir build && cd build
+cmake .. -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \
+  -DCMAKE_C_FLAGS="$OPT_FLAGS" \
+  -DCMAKE_CXX_FLAGS="$OPT_FLAGS" \
+  -DCMAKE_EXE_LINKER_FLAGS="-flto" \
+  -DCRYPTO_LIBGCRYPT=ON \
+  -DENABLE_FUZZING=ON \
+  -DDEBUG=ON \
+  -DKEY_INTERNAL=ON \
+  -DMC_INTERNAL=ON \
+  -DSA_INTERNAL=ON
+make -j$CORES
+cd ..
+
+# === Compile with ASan ===
+echo "🔨 Compiling CryptoLib with ASan..."
+rm -rf build-asan
+mkdir build-asan && cd build-asan
+cmake .. -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \
+  -DCMAKE_C_FLAGS="-fsanitize=address $OPT_FLAGS" \
+  -DCMAKE_CXX_FLAGS="-fsanitize=address $OPT_FLAGS" \
+  -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address -flto" \
+  -DCRYPTO_LIBGCRYPT=ON \
+  -DENABLE_FUZZING=ON \
+  -DDEBUG=ON \
+  -DKEY_INTERNAL=ON \
+  -DMC_INTERNAL=ON \
+  -DSA_INTERNAL=ON
+make -j$CORES
+cd ..
+
+# === Compile with CmpLog ===
+echo "🔨 Compiling CryptoLib with CmpLog instrumentation..."
+rm -rf build-cmplog
+mkdir build-cmplog && cd build-cmplog
+export AFL_LLVM_CMPLOG=1 # Enable CmpLog instrumentation
+cmake .. -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \
+  -DCMAKE_C_FLAGS="$OPT_FLAGS" \
+  -DCMAKE_CXX_FLAGS="$OPT_FLAGS" \
+  -DCRYPTO_LIBGCRYPT=ON \
+  -DENABLE_FUZZING=ON \
+  -DDEBUG=ON \
+  -DKEY_INTERNAL=ON \
+  -DMC_INTERNAL=ON \
+  -DSA_INTERNAL=ON
+make -j$CORES
+unset AFL_LLVM_CMPLOG # Unset to avoid affecting other builds
+cd ..
+
+# === Compile with CompCov (laf-intel) ===
+echo "🔨 Compiling CryptoLib with CompCov (laf-intel) instrumentation..."
+rm -rf build-compcov
+mkdir build-compcov && cd build-compcov
+export AFL_LLVM_LAF_ALL=1 # Enable CompCov instrumentation
+cmake .. -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \
+  -DCMAKE_C_FLAGS="$OPT_FLAGS" \
+  -DCMAKE_CXX_FLAGS="$OPT_FLAGS" \
+  -DCRYPTO_LIBGCRYPT=ON \
+  -DENABLE_FUZZING=ON \
+  -DDEBUG=ON \
+  -DKEY_INTERNAL=ON \
+  -DMC_INTERNAL=ON \
+  -DSA_INTERNAL=ON
+make -j$CORES
+unset AFL_LLVM_LAF_ALL # Unset to avoid affecting other builds
+cd ..
+
+# === Final Status ===
+echo "✅ Build complete!"
+echo "📂 Non-ASan build:     'build/'"
+echo "📂 ASan build:         'build-asan/'"
+echo "📂 CmpLog build:       'build-cmplog/'"
+echo "📂 CompCov (laf-intel) build: 'build-compcov/'"
+echo ""
+echo "To run fuzzing with AFL++:"
+echo "$(dirname "$0")/run-fuzz-multithreaded.sh"
+echo ""
+echo "⚠️  AFL++ SYSTEM CONFIGURATION REMINDERS ⚠️"
+echo "For optimal fuzzing performance, consider running these commands:"
+echo ""
+echo "1️⃣  Disable CPU frequency scaling:"
+echo "   echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor"
+echo ""
+echo "2️⃣  Configure core pattern for crash analysis:"
+echo "   echo core | sudo tee /proc/sys/kernel/core_pattern"
+echo ""
+echo "📋 TROUBLESHOOTING FUZZING SESSIONS 📋"
+echo "If the fuzzer does not start or you encounter issues:"
+echo ""
+echo "1. List all screen sessions:"
+echo "   screen -ls"
+echo ""
+echo "2. Reattach to a specific session to see errors:"
+echo "   screen -r session_name"
+echo ""
+echo "3. To detach from a screen session: Press Ctrl+A, then D"