Skip to content

mmcloughlin/cryptofuzz

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cryptofuzz

Fuzzing Go crypto with go-fuzz.

Discoveries

Targets

Fuzzers compare assembly implementations to the corresponding pure Go versions.

Experimental:

Quick Start

Install dependencies with

$ ./script/bootstrap

Then start a fuzzer with ./script/fuzz <target> where <target> is one of the subdirectories of target/, for example

$ ./script/fuzz sha1
...
2019/02/05 22:37:37 workers: 4, corpus: 56 (3s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 0, uptime: 3s
2019/02/05 22:37:40 workers: 4, corpus: 56 (6s ago), crashers: 0, restarts: 1/4459, execs: 40139 (6666/sec), cover: 124, uptime: 6s
2019/02/05 22:37:43 workers: 4, corpus: 56 (9s ago), crashers: 0, restarts: 1/4349, execs: 52191 (5787/sec), cover: 124, uptime: 9s
2019/02/05 22:37:46 workers: 4, corpus: 56 (12s ago), crashers: 0, restarts: 1/6450, execs: 103200 (8588/sec), cover: 124, uptime: 12s
...

Infrastructure

The infra/ directory contains Terraform configuration to run fuzzers on EC2 spot fleets (to minimize cost). Before you proceed note that this will cost you money.

To utilize this infrastructure, first build an archive to distribute to the boxes

$ GOOS=linux GOARCH=amd64 ./script/dist

This should build an archive of all files required to run the fuzzers on EC2 boxes. To setup the infrastructure:

$ cd infra/
$ terraform init
$ terraform apply -var 'package_path=<path to dist archive>' -var 'targets=["p256", "sha3"]'

Note this expects to find AWS credentials in ~/.aws/credentials. For each specified target, this will setup a coordinator node and a worker fleet. See variables.tf to configure the size of the worker fleet.

About

Fuzzing Go crypto

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages