diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile index 52a23a9fe..602ee5e0f 100644 --- a/tests/fuzz/Makefile +++ b/tests/fuzz/Makefile @@ -23,6 +23,7 @@ FUZZ_COMMON_OBJS := \ common/derive_basepoints.o \ common/descriptor_checksum.o \ common/fee_states.o \ + common/hsm_encryption.o \ common/htlc_state.o \ common/permute_tx.o \ common/initial_channel.o \ diff --git a/tests/fuzz/fuzz-hsm_encryption.c b/tests/fuzz/fuzz-hsm_encryption.c new file mode 100644 index 000000000..b3b779b8f --- /dev/null +++ b/tests/fuzz/fuzz-hsm_encryption.c @@ -0,0 +1,43 @@ +#include +#include + +#include +#include +#include +#include +#include +#include + +void init(int *argc, char ***argv) +{ +} + +void run(const uint8_t *data, size_t size) +{ + /* 4294967295 is crypto_pwhash_argon2id_PASSWD_MAX. libfuzzer won't + * generate inputs that large in practice, but hey. */ + if (size > 32 && size < 4294967295) { + struct secret *hsm_secret, decrypted_hsm_secret, encryption_key; + char *passphrase; + struct encrypted_hsm_secret encrypted_secret; + + /* Take the first 32 bytes as the plaintext hsm_secret seed, + * and the remaining ones as the passphrase. */ + hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, 32, 0); + passphrase = to_string(NULL, data + 32, size - 32); + + /* A valid seed, a valid passphrase. This should not fail. */ + assert(!hsm_secret_encryption_key(passphrase, &encryption_key)); + /* Roundtrip */ + assert(encrypt_hsm_secret(&encryption_key, hsm_secret, + &encrypted_secret)); + assert(decrypt_hsm_secret(&encryption_key, &encrypted_secret, + &decrypted_hsm_secret)); + assert(memeq(hsm_secret->data, sizeof(hsm_secret->data), + decrypted_hsm_secret.data, + sizeof(decrypted_hsm_secret.data))); + + tal_free(hsm_secret); + tal_free(passphrase); + } +}