Fuzz hmac

fuzzing/fuzz_hmac.cpp

@@ -0,0 +1,75 @@
+// Copyright 2025 Matt Borland
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include <boost/crypt2/hash/sha1.hpp>
+#include <boost/crypt2/hash/sha512.hpp>
+#include <boost/crypt2/hash/sha3_256.hpp>
+#include <boost/crypt2/mac/hmac.hpp>
+#include <iostream>
+#include <exception>
+#include <string>
+#include <vector>
+#include <cstdint>
+#include <string>
+#include <span>
+#include <string_view>
+#include <vector>
+#include <type_traits>
+
+using namespace boost::crypt;
+
+// Type list to store hasher types
+template<typename... Ts>
+struct type_list {};
+
+// Helper to iterate over types
+template<typename TypeList, template<typename> class F>
+struct for_each_type;
+
+template<template<typename> class F, typename... Ts>
+struct for_each_type<type_list<Ts...>, F> {
+    static void apply(const std::uint8_t* data, std::size_t size) {
+        (F<Ts>::apply(data, size), ...);
+    }
+};
+
+// Functor to process each hash type
+template<typename Hasher>
+struct process_hash {
+    static void apply(const std::uint8_t* data, std::size_t size) {
+        auto c_data = reinterpret_cast<const char*>(data);
+        std::string c_data_str{c_data, size};
+        std::span<const std::uint8_t> c_data_span{data, size};
+        std::string_view c_data_str_view{c_data_str};
+
+        hmac<Hasher> hmac_tester;
+        hmac_tester.init(c_data_str);
+        hmac_tester.process_bytes(c_data_span);
+        hmac_tester.process_bytes(c_data_str_view);
+        hmac_tester.finalize();
+        std::vector<std::byte> return_vector(size);
+        [[maybe_unused]] const auto code = hmac_tester.get_digest(return_vector);
+    }
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size) {
+    if (data == nullptr || size == 0) {
+        return 0;
+    }
+
+    try {
+        using hasher_types = type_list<
+                sha1_hasher,
+                sha512_hasher,
+                sha3_256_hasher
+        >;
+
+        for_each_type<hasher_types, process_hash>::apply(data, size);
+    }
+    catch (...) {
+        return 0; // Silent failure for fuzzing
+    }
+
+    return 0;
+}

fuzzing/fuzz_sha3_224.cpp

@@ -0,0 +1,41 @@
+// Copyright 2024 Matt Borland
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include <boost/crypt2/hash/sha3_224.hpp>
+#include <iostream>
+#include <exception>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size)
+{
+    try
+    {
+        auto c_data = reinterpret_cast<const char*>(data);
+        std::string c_data_str {c_data, size}; // Guarantee null termination since we can't pass the size argument
+
+        boost::crypt::sha3_224(c_data_str);
+
+        std::string_view view {c_data_str};
+        boost::crypt::sha3_224(view);
+
+        std::span data_span {c_data, size};
+        boost::crypt::sha3_224(data_span);
+
+        // Fuzz the hasher object
+        boost::crypt::sha3_224_hasher hasher;
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.finalize();
+        [[maybe_unused]] const auto res = hasher.get_digest();
+        hasher.process_bytes(data_span); // State is invalid but should not crash
+    }
+    catch(...)
+    {
+        std::cerr << "Error with: " << data << std::endl;
+        std::terminate();
+    }
+
+    return 0;
+}

fuzzing/fuzz_sha3_256.cpp

@@ -0,0 +1,41 @@
+// Copyright 2024 Matt Borland
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include <boost/crypt2/hash/sha3_256.hpp>
+#include <iostream>
+#include <exception>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size)
+{
+    try
+    {
+        auto c_data = reinterpret_cast<const char*>(data);
+        std::string c_data_str {c_data, size}; // Guarantee null termination since we can't pass the size argument
+
+        boost::crypt::sha3_256(c_data_str);
+
+        std::string_view view {c_data_str};
+        boost::crypt::sha3_256(view);
+
+        std::span data_span {c_data, size};
+        boost::crypt::sha3_256(data_span);
+
+        // Fuzz the hasher object
+        boost::crypt::sha3_256_hasher hasher;
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.finalize();
+        [[maybe_unused]] const auto res = hasher.get_digest();
+        hasher.process_bytes(data_span); // State is invalid but should not crash
+    }
+    catch(...)
+    {
+        std::cerr << "Error with: " << data << std::endl;
+        std::terminate();
+    }
+
+    return 0;
+}

fuzzing/fuzz_sha3_384.cpp

@@ -0,0 +1,41 @@
+// Copyright 2024 Matt Borland
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include <boost/crypt2/hash/sha3_384.hpp>
+#include <iostream>
+#include <exception>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size)
+{
+    try
+    {
+        auto c_data = reinterpret_cast<const char*>(data);
+        std::string c_data_str {c_data, size}; // Guarantee null termination since we can't pass the size argument
+
+        boost::crypt::sha3_384(c_data_str);
+
+        std::string_view view {c_data_str};
+        boost::crypt::sha3_384(view);
+
+        std::span data_span {c_data, size};
+        boost::crypt::sha3_384(data_span);
+
+        // Fuzz the hasher object
+        boost::crypt::sha3_384_hasher hasher;
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.finalize();
+        [[maybe_unused]] const auto res = hasher.get_digest();
+        hasher.process_bytes(data_span); // State is invalid but should not crash
+    }
+    catch(...)
+    {
+        std::cerr << "Error with: " << data << std::endl;
+        std::terminate();
+    }
+
+    return 0;
+}

fuzzing/fuzz_shake128.cpp

@@ -0,0 +1,41 @@
+// Copyright 2024 Matt Borland
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include <boost/crypt2/hash/shake128.hpp>
+#include <iostream>
+#include <exception>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size)
+{
+    try
+    {
+        auto c_data = reinterpret_cast<const char*>(data);
+        std::string c_data_str {c_data, size}; // Guarantee null termination since we can't pass the size argument
+
+        boost::crypt::shake128(c_data_str);
+
+        std::string_view view {c_data_str};
+        boost::crypt::shake128(view);
+
+        std::span data_span {c_data, size};
+        boost::crypt::shake128(data_span);
+
+        // Fuzz the hasher object
+        boost::crypt::shake128_hasher hasher;
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.finalize();
+        [[maybe_unused]] const auto res = hasher.get_digest();
+        hasher.process_bytes(data_span); // State is invalid but should not crash
+    }
+    catch(...)
+    {
+        std::cerr << "Error with: " << data << std::endl;
+        std::terminate();
+    }
+
+    return 0;
+}

fuzzing/fuzz_shake256.cpp

@@ -0,0 +1,41 @@
+// Copyright 2024 Matt Borland
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include <boost/crypt2/hash/shake256.hpp>
+#include <iostream>
+#include <exception>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size)
+{
+    try
+    {
+        auto c_data = reinterpret_cast<const char*>(data);
+        std::string c_data_str {c_data, size}; // Guarantee null termination since we can't pass the size argument
+
+        boost::crypt::shake256(c_data_str);
+
+        std::string_view view {c_data_str};
+        boost::crypt::shake256(view);
+
+        std::span data_span {c_data, size};
+        boost::crypt::shake256(data_span);
+
+        // Fuzz the hasher object
+        boost::crypt::shake256_hasher hasher;
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.process_bytes(data_span);
+        hasher.finalize();
+        [[maybe_unused]] const auto res = hasher.get_digest();
+        hasher.process_bytes(data_span); // State is invalid but should not crash
+    }
+    catch(...)
+    {
+        std::cerr << "Error with: " << data << std::endl;
+        std::terminate();
+    }
+
+    return 0;
+}