1#!/bin/bash -eu 2# Copyright 2021 Google LLC 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15# 16################################################################################ 17 18export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL" 19export LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" 20 21# Install Boost headers 22cd $SRC/ 23tar jxf boost_1_74_0.tar.bz2 24cd boost_1_74_0/ 25CFLAGS="" CXXFLAGS="" ./bootstrap.sh 26CFLAGS="" CXXFLAGS="" ./b2 headers 27export CXXFLAGS="$CXXFLAGS -I $SRC/boost_1_74_0/" 28 29# Preconfigure libsecp256k1 30cd $SRC/secp256k1/ 31autoreconf -ivf 32export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SECP256K1" 33 34function build_libsecp256k1() { 35 # Build libsecp256k1 36 cd $SRC/secp256k1/ 37 38 if test -f "Makefile"; then 39 # Remove old configuration if it exists 40 make clean 41 42 # Prevent the error: 43 # "configuration mismatch, invalid ECMULT_WINDOW_SIZE. Try deleting ecmult_static_pre_g.h before the build." 44 rm -f src/ecmult_static_pre_g.h 45 fi 46 47 SECP256K1_CONFIGURE_PARAMS=" 48 --enable-static 49 --disable-tests 50 --disable-benchmark 51 --disable-exhaustive-tests 52 --enable-module-recovery 53 --enable-experimental 54 --enable-module-schnorrsig 55 --enable-module-ecdh" 56 57 if [[ $CFLAGS = *sanitize=memory* ]] 58 then 59 ./configure $SECP256K1_CONFIGURE_PARAMS --with-asm=no "$@" 60 else 61 ./configure $SECP256K1_CONFIGURE_PARAMS "$@" 62 fi 63 make 64 65 export SECP256K1_INCLUDE_PATH=$(realpath .) 66 export LIBSECP256K1_A_PATH=$(realpath .libs/libsecp256k1.a) 67 68 # Build libsecp256k1 Cryptofuzz module 69 cd $SRC/cryptofuzz/modules/secp256k1/ 70 make -B -j$(nproc) 71} 72 73# Build Trezor firmware 74cd $SRC/trezor-firmware/crypto/ 75# Rename blake2b_* functions to avoid symbol collisions with other libraries 76sed -i "s/\<blake2b_\([A-Za-z_]\)/trezor_blake2b_\1/g" *.c *.h 77sed -i 's/\<blake2b(/trezor_blake2b(/g' *.c *.h 78cd ../../ 79export TREZOR_FIRMWARE_PATH=$(realpath trezor-firmware) 80export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_TREZOR_FIRMWARE" 81 82# Build Botan 83cd $SRC/botan 84if [[ $CFLAGS != *-m32* ]] 85then 86 ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation 87else 88 ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation 89fi 90make -j$(nproc) 91 92export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE" 93export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" 94export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" 95 96# Build Cryptofuzz 97cd $SRC/cryptofuzz 98python gen_repository.py 99rm extra_options.h 100echo -n '"' >>extra_options.h 101echo -n '--operations=' >>extra_options.h 102echo -n 'Digest,' >>extra_options.h 103echo -n 'HMAC,' >>extra_options.h 104echo -n 'KDF_HKDF,' >>extra_options.h 105echo -n 'SymmetricEncrypt,' >>extra_options.h 106echo -n 'SymmetricDecrypt,' >>extra_options.h 107echo -n 'ECC_PrivateToPublic,' >>extra_options.h 108echo -n 'ECC_ValidatePubkey,' >>extra_options.h 109echo -n 'ECC_Point_Add,' >>extra_options.h 110echo -n 'ECC_Point_Mul,' >>extra_options.h 111echo -n 'ECDSA_Sign,' >>extra_options.h 112echo -n 'ECDSA_Verify,' >>extra_options.h 113echo -n 'ECDSA_Recover,' >>extra_options.h 114echo -n 'Schnorr_Sign,' >>extra_options.h 115echo -n 'Schnorr_Verify,' >>extra_options.h 116echo -n 'ECDH_Derive,' >>extra_options.h 117echo -n 'BignumCalc_Mod_2Exp256 ' >>extra_options.h 118echo -n 'BignumCalc_Mod_SECP256K1 ' >>extra_options.h 119echo -n '--curves=secp256k1 ' >>extra_options.h 120echo -n '--digests=NULL,SHA1,SHA256,SHA512,RIPEMD160,SHA3-256,SIPHASH64 ' >>extra_options.h 121echo -n '--ciphers=CHACHA20,AES_256_CBC ' >>extra_options.h 122echo -n '--calcops=' >>extra_options.h 123# Bitcoin Core arith_uint256.cpp operations 124echo -n 'Add,And,Div,IsEq,IsGt,IsGte,IsLt,IsLte,IsOdd,Mul,NumBits,Or,Set,Sub,Xor,' >>extra_options.h 125# libsecp256k1 scalar operations 126echo -n 'IsZero,IsOne,IsEven,Add,Mul,InvMod,IsEq,CondSet,Bit,Set,RShift ' >>extra_options.h 127echo -n '"' >>extra_options.h 128cd modules/bitcoin/ 129export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BITCOIN" 130make -B -j$(nproc) 131cd ../trezor/ 132make -B -j$(nproc) 133cd ../botan/ 134make -B -j$(nproc) 135 136cd ../schnorr_fun/ 137export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SCHNORR_FUN" 138if [[ $CFLAGS != *-m32* ]] 139then 140 make 141else 142 make -f Makefile.i386 143fi 144 145cd ../../ 146 147# Build with 3 configurations of libsecp256k1 148# Discussion: https://github.com/google/oss-fuzz/pull/5717#issuecomment-842765383 149 150build_libsecp256k1 "--with-ecmult-window=2" "--with-ecmult-gen-precision=2" 151cd $SRC/cryptofuzz/ 152make -B -j$(nproc) 153cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w2-p2 154 155build_libsecp256k1 "--with-ecmult-window=15" "--with-ecmult-gen-precision=4" 156cd $SRC/cryptofuzz/ 157rm cryptofuzz 158make 159cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w15-p4 160 161build_libsecp256k1 "--with-ecmult-window=20" "--with-ecmult-gen-precision=8" 162cd $SRC/cryptofuzz/ 163rm cryptofuzz 164make 165cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w20-p8 166 167# Convert Wycheproof test vectors to Cryptofuzz corpus format 168mkdir $SRC/corpus-cryptofuzz-wycheproof/ 169find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_secp256k1_*' -exec $SRC/cryptofuzz/cryptofuzz --from-wycheproof={},$SRC/corpus-cryptofuzz-wycheproof/ \; 170# Pack the Wycheproof test vectors 171zip -j cryptofuzz-bitcoin-cryptography_seed_corpus.zip $SRC/corpus-cryptofuzz-wycheproof/* 172# Use them as the seed corpus for each of the fuzzers 173cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w2-p2_seed_corpus.zip 174cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w15-p4_seed_corpus.zip 175cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w20-p8_seed_corpus.zip 176