From 1a5205f080b96569647e286c3de0452c24ce45aa Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Mon, 11 Mar 2024 08:59:17 -0600 Subject: [PATCH] wip: olm/pk: trying to fuzz decryption Signed-off-by: Sumner Evans --- crypto/goolm/pk/decryption.go | 4 ++-- crypto/goolm/pk/pk_test.go | 2 +- crypto/olm/pk_goolm.go | 2 +- crypto/olm/pk_interface.go | 2 +- crypto/olm/pk_test.go | 30 ++++++++++++++++++++++++++++++ 5 files changed, 35 insertions(+), 5 deletions(-) diff --git a/crypto/goolm/pk/decryption.go b/crypto/goolm/pk/decryption.go index d08e09f4..66d963f1 100644 --- a/crypto/goolm/pk/decryption.go +++ b/crypto/goolm/pk/decryption.go @@ -34,7 +34,7 @@ func NewDecryption() (*Decryption, error) { }, nil } -// NewDescriptionFromPrivate resturns a new Decryption with the private key fixed. +// NewDescriptionFromPrivate returns a new Decryption with the private key fixed. func NewDecryptionFromPrivate(privateKey crypto.Curve25519PrivateKey) (*Decryption, error) { s := &Decryption{} keyPair, err := crypto.Curve25519GenerateFromPrivate(privateKey) @@ -56,7 +56,7 @@ func (s Decryption) PrivateKey() crypto.Curve25519PrivateKey { } // Decrypt decrypts the ciphertext and verifies the MAC. The base64 encoded key is used to construct the shared secret. -func (s Decryption) Decrypt(ciphertext, mac []byte, key id.Curve25519) ([]byte, error) { +func (s Decryption) Decrypt(key id.Curve25519, mac, ciphertext []byte) ([]byte, error) { keyDecoded, err := base64.RawStdEncoding.DecodeString(string(key)) if err != nil { return nil, err diff --git a/crypto/goolm/pk/pk_test.go b/crypto/goolm/pk/pk_test.go index 7ac524be..025dc3a7 100644 --- a/crypto/goolm/pk/pk_test.go +++ b/crypto/goolm/pk/pk_test.go @@ -48,7 +48,7 @@ func TestEncryptionDecryption(t *testing.T) { t.Fatal(err) } - decrypted, err := decryption.Decrypt(ciphertext, mac, id.Curve25519(bobPublic)) + decrypted, err := decryption.Decrypt(id.Curve25519(bobPublic), ciphertext, mac) if err != nil { t.Fatal(err) } diff --git a/crypto/olm/pk_goolm.go b/crypto/olm/pk_goolm.go index 372c94fa..cfd122b3 100644 --- a/crypto/olm/pk_goolm.go +++ b/crypto/olm/pk_goolm.go @@ -25,5 +25,5 @@ func NewPKSigning() (PKSigning, error) { } func NewPKDecryption(privateKey []byte) (PKDecryption, error) { - return pk.NewDecryption() + return pk.NewDecryptionFromPrivate(privateKey) } diff --git a/crypto/olm/pk_interface.go b/crypto/olm/pk_interface.go index 11c41431..3df7cda1 100644 --- a/crypto/olm/pk_interface.go +++ b/crypto/olm/pk_interface.go @@ -35,7 +35,7 @@ type PKDecryption interface { PublicKey() id.Curve25519 // Decrypt verifies and decrypts the given message. - Decrypt(ciphertext, mac []byte, key id.Curve25519) ([]byte, error) + Decrypt(key id.Curve25519, ciphertext, mac []byte) ([]byte, error) } var _ PKDecryption = (*pk.Decryption)(nil) diff --git a/crypto/olm/pk_test.go b/crypto/olm/pk_test.go index b57e6571..0ae67526 100644 --- a/crypto/olm/pk_test.go +++ b/crypto/olm/pk_test.go @@ -43,3 +43,33 @@ func FuzzSign(f *testing.F) { assert.Equal(t, goolmResult, libolmResult) }) } + +// func FuzzDecrypt(f *testing.F) { +// f.Add([]byte("plaintext")) + +// f.Fuzz(func(t *testing.T, plaintext []byte) { +// keyPair, err := crypto.Curve25519GenerateKey(nil) +// require.NoError(t, err) + +// goolmEncryption, err := pk.NewEncryption(keyPair.B64Encoded()) +// require.NoError(t, err) + +// ciphertext, mac, err := goolmEncryption.Encrypt(plaintext, keyPair.PrivateKey) +// assert.NoError(t, err) + +// goolmPkDecryption, err := pk.NewDecryptionFromPrivate(keyPair.PrivateKey) +// require.NoError(t, err) + +// libolmPkDecryption, err := olm.NewPkDecryption(keyPair.PrivateKey) +// require.NoError(t, err) + +// fmt.Printf("mac=%s\n", mac) +// fmt.Printf("ciphertext=%v\n", ciphertext) + +// libolmResult, libolmErr := libolmPkDecryption.Decrypt([]byte(keyPair.B64Encoded().String()), mac, []byte(base64.RawStdEncoding.EncodeToString(ciphertext))) +// goolmResult, goolmErr := goolmPkDecryption.Decrypt(keyPair.B64Encoded(), mac, ciphertext) + +// assert.Equal(t, libolmErr, goolmErr) +// assert.Equal(t, libolmResult, goolmResult) +// }) +// }