Skip to content
/ CLFuzz Public

CLFuzz is a generation-based fuzzer on cryptographic algorithms. It extracts the semantic information including cryptographic-specific constraints and function signatures of targeted algorithms, and conducts a three-stage cross-check for bug detection.

6 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

THU-WingTecher/CLFuzz

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
fuzzing
fuzzing
 
 
include/cryptofuzz
include/cryptofuzz
 
 
modules
modules
 
 
third_party
third_party
 
 
.DS_Store
.DS_Store
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
botan_importer.cpp
botan_importer.cpp
 
 
components.cpp
components.cpp
 
 
config.h
config.h
 
 
crypto.cpp
crypto.cpp
 
 
datasource.cpp
datasource.cpp
 
 
driver.cpp
driver.cpp
 
 
driver.h
driver.h
 
 
ecc_diff_fuzzer_importer.cpp
ecc_diff_fuzzer_importer.cpp
 
 
entry.cpp
entry.cpp
 
 
executor.cpp
executor.cpp
 
 
executor.h
executor.h
 
 
extra_options.h
extra_options.h
 
 
gen_repository.py
gen_repository.py
 
 
generate_corpus.cpp
generate_corpus.cpp
 
 
generate_dict.cpp
generate_dict.cpp
 
 
input_generator.cpp
input_generator.cpp
 
 
mutatorpool.cpp
mutatorpool.cpp
 
 
mutatorpool.h
mutatorpool.h
 
 
numbers.cpp
numbers.cpp
 
 
numbers.h
numbers.h
 
 
operation.cpp
operation.cpp
 
 
options.cpp
options.cpp
 
 
repository.cpp
repository.cpp
 
 
repository_map.h
repository_map.h
 
 
repository_tbl.h
repository_tbl.h
 
 
tests.cpp
tests.cpp
 
 
tests.h
tests.h
 
 
util.cpp
util.cpp
 
 
wycheproof.cpp
wycheproof.cpp
 
 

Repository files navigation

CLFuzz

CLFuzz is a generation-based fuzzer on cryptographic algorithms. It extracts the semantic information including cryptographic-specific constraints and function signatures of targeted algorithms, and conducts a three-stage cross-check for bug detection.

Project Structure

Introduction of some files and directories

  • README.md: basic information about CLFuzz
  • entry.cpp: the fuzzing entry
  • driver.cpp: driver for invoking targeted algorithms
  • input_generator.cpp: the input generator for generating high-quality test input
  • recyclepool.cpp : the oracle recycling pools
  • modules/: the driver for targeted libraries

Instruction

STEP 1: Prepare for the Environment

Set the sanitizers and fuzzing engine link.

export CFLAGS="-fsanitize=address,undefined,fuzzer-no-link -O2 -g"
export CXXFLAGS="-fsanitize=address,undefined,fuzzer-no-link -D_GLIBCXX_DEBUG -O2 -g"
export LIBFUZZER_LINK="-fsanitize=fuzzer"

STEP 1: Generate Headers

Run:

python gen_repository.py

STEP 2: Build the Modules

To build the driver for each targeted module, follow the steps:

  1. Compile the library into a static library file.
  2. Specify the required environment variables.
  3. Enter the directory for each library under modules/
  4. Make the driver

For example, when building Cryptopp, the steps are:

  1. Compile Cryptopp:
git clone --depth 1 https://github.com/weidai11/cryptopp/
cd cryptopp/
make libcryptopp.a -j$(nproc)
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_CRYPTOPP"
export LIBCRYPTOPP_A_PATH=`realpath libcryptopp.a`
export CRYPTOPP_INCLUDE_PATH=`realpath .`
  1. Build the Driver:
cd CLFuzz/modules/cryptopp/
make

STEP 3: Build CLFuzz

Enter the root location of CLFuzz and execute:

make

This operation will generate the executable file CLFuzz.

Execute it through:

./CLFuzz

For some supported options, see Libfuzzer.

About

CLFuzz is a generation-based fuzzer on cryptographic algorithms. It extracts the semantic information including cryptographic-specific constraints and function signatures of targeted algorithms, and conducts a three-stage cross-check for bug detection.

Resources

Readme
Activity
Custom properties

Stars

6 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages