From ae40cf1a8e16462a8b9dfd076d440bc8ec796c2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C5=91rinc?= Date: Wed, 10 Apr 2024 13:20:50 +0200 Subject: [PATCH 1/4] test: Add padding tests for Base32/Base64 --- src/test/base32_tests.cpp | 25 +++++++++++++++++++++---- src/test/base64_tests.cpp | 21 +++++++++++++++++---- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/src/test/base32_tests.cpp b/src/test/base32_tests.cpp index be3b0c2d1f3..e4605bca13f 100644 --- a/src/test/base32_tests.cpp +++ b/src/test/base32_tests.cpp @@ -29,11 +29,28 @@ BOOST_AUTO_TEST_CASE(base32_testvectors) BOOST_CHECK_MESSAGE(std::ranges::equal(*dec, vstrIn[i]), vstrOut[i]); } + BOOST_CHECK(!DecodeBase32("AWSX3VPPinvalid")); // invalid size + BOOST_CHECK( DecodeBase32("AWSX3VPP")); // valid + // Decoding strings with embedded NUL characters should fail - BOOST_CHECK(!DecodeBase32("invalid\0"s)); // correct size, invalid due to \0 - BOOST_CHECK(DecodeBase32("AWSX3VPP"s)); // valid - BOOST_CHECK(!DecodeBase32("AWSX3VPP\0invalid"s)); // correct size, invalid due to \0 - BOOST_CHECK(!DecodeBase32("AWSX3VPPinvalid"s)); // invalid size + BOOST_CHECK(!DecodeBase32("invalid\0"sv)); // correct size, invalid due to \0 + BOOST_CHECK(!DecodeBase32("AWSX3VPP\0invalid"sv)); // correct size, invalid due to \0 +} + +BOOST_AUTO_TEST_CASE(base32_padding) +{ + // Is valid without padding + BOOST_CHECK_EQUAL(EncodeBase32("fooba"), "mzxw6ytb"); + + // Valid size + BOOST_CHECK(!DecodeBase32("========")); + BOOST_CHECK(!DecodeBase32("a=======")); + BOOST_CHECK( DecodeBase32("aa======")); + BOOST_CHECK(!DecodeBase32("aaa=====")); + BOOST_CHECK( DecodeBase32("aaaa====")); + BOOST_CHECK( DecodeBase32("aaaaa===")); + BOOST_CHECK(!DecodeBase32("aaaaaa==")); + BOOST_CHECK( DecodeBase32("aaaaaaa=")); } BOOST_AUTO_TEST_SUITE_END() diff --git a/src/test/base64_tests.cpp b/src/test/base64_tests.cpp index b9d0d2b2412..d505caabbe7 100644 --- a/src/test/base64_tests.cpp +++ b/src/test/base64_tests.cpp @@ -36,11 +36,24 @@ BOOST_AUTO_TEST_CASE(base64_testvectors) BOOST_CHECK_EQUAL(EncodeBase64(in_s), out_exp); } + BOOST_CHECK(DecodeBase64("nQB/pZw=")); // valid + // Decoding strings with embedded NUL characters should fail - BOOST_CHECK(!DecodeBase64("invalid\0"s)); - BOOST_CHECK(DecodeBase64("nQB/pZw="s)); - BOOST_CHECK(!DecodeBase64("nQB/pZw=\0invalid"s)); - BOOST_CHECK(!DecodeBase64("nQB/pZw=invalid\0"s)); + BOOST_CHECK(!DecodeBase64("invalid\0"sv)); // correct size, invalid due to \0 + BOOST_CHECK(!DecodeBase64("nQB/pZw=\0invalid"sv)); + BOOST_CHECK(!DecodeBase64("nQB/pZw=invalid\0"sv)); // invalid, padding only allowed at the end +} + +BOOST_AUTO_TEST_CASE(base64_padding) +{ + // Is valid without padding + BOOST_CHECK_EQUAL(EncodeBase64("foobar"), "Zm9vYmFy"); + + // Valid size + BOOST_CHECK(!DecodeBase64("====")); + BOOST_CHECK(!DecodeBase64("a===")); + BOOST_CHECK( DecodeBase64("YQ==")); + BOOST_CHECK( DecodeBase64("YWE=")); } BOOST_AUTO_TEST_SUITE_END() From 5dd3a0d8a899e4c7263d5b999135f4d7584e1244 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C5=91rinc?= Date: Thu, 29 Aug 2024 19:23:16 +0200 Subject: [PATCH 2/4] test: Extend base58_encode_decode.json with edge cases Added edge cases, such as transitions at powers of 58, to verify boundary behavior. --- src/test/base58_tests.cpp | 4 ++-- src/test/data/base58_encode_decode.json | 9 ++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/test/base58_tests.cpp b/src/test/base58_tests.cpp index 5e97c9f4d6f..d0e9d45b417 100644 --- a/src/test/base58_tests.cpp +++ b/src/test/base58_tests.cpp @@ -65,7 +65,7 @@ BOOST_AUTO_TEST_CASE(base58_DecodeBase58) BOOST_CHECK(!DecodeBase58("invalid\0"s, result, 100)); BOOST_CHECK(!DecodeBase58("\0invalid"s, result, 100)); - BOOST_CHECK(DecodeBase58("good"s, result, 100)); + BOOST_CHECK( DecodeBase58("good"s, result, 100)); BOOST_CHECK(!DecodeBase58("bad0IOl"s, result, 100)); BOOST_CHECK(!DecodeBase58("goodbad0IOl"s, result, 100)); BOOST_CHECK(!DecodeBase58("good\0bad0IOl"s, result, 100)); @@ -76,7 +76,7 @@ BOOST_AUTO_TEST_CASE(base58_DecodeBase58) constexpr auto expected{"971a55"_hex_u8}; BOOST_CHECK_EQUAL_COLLECTIONS(result.begin(), result.end(), expected.begin(), expected.end()); - BOOST_CHECK(DecodeBase58Check("3vQB7B6MrGQZaxCuFg4oh"s, result, 100)); + BOOST_CHECK( DecodeBase58Check("3vQB7B6MrGQZaxCuFg4oh"s, result, 100)); BOOST_CHECK(!DecodeBase58Check("3vQB7B6MrGQZaxCuFg4oi"s, result, 100)); BOOST_CHECK(!DecodeBase58Check("3vQB7B6MrGQZaxCuFg4oh0IOl"s, result, 100)); BOOST_CHECK(!DecodeBase58Check("3vQB7B6MrGQZaxCuFg4oh\0" "0IOl"s, result, 100)); diff --git a/src/test/data/base58_encode_decode.json b/src/test/data/base58_encode_decode.json index 1a4bd7f4584..7255fd45c80 100644 --- a/src/test/data/base58_encode_decode.json +++ b/src/test/data/base58_encode_decode.json @@ -11,6 +11,13 @@ ["ecac89cad93923c02321", "EJDM8drfXA6uyA"], ["10c8511e", "Rt5zm"], ["00000000000000000000", "1111111111"], +["00000000000000000000000000000000000000000000000000000000000000000000000000000000", "1111111111111111111111111111111111111111"], +["00000000000000000000000000000000000000000000000000000000000000000000000000000001", "1111111111111111111111111111111111111112"], +["0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec39d04c37e71e5d591881f6", "111111111111111111111111111111111111111111111111111111111111111111111111111111111111115TYzLYH1udmLdzCLM"], ["000111d38e5fc9071ffcd20b4a763cc9ae4f252bb4e48fd66a835e252ada93ff480d6dd43dc62a641155a5", "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"], -["000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "1cWB5HCBdLjAuqGGReWE3R3CguuwSjw6RHn39s2yuDRTS5NsBgNiFpWgAnEx6VQi8csexkgYw3mdYrMHr8x9i7aEwP8kZ7vccXWqKDvGv3u1GxFKPuAkn8JCPPGDMf3vMMnbzm6Nh9zh1gcNsMvH3ZNLmP5fSG6DGbbi2tuwMWPthr4boWwCxf7ewSgNQeacyozhKDDQQ1qL5fQFUW52QKUZDZ5fw3KXNQJMcNTcaB723LchjeKun7MuGW5qyCBZYzA1KjofN1gYBV3NqyhQJ3Ns746GNuf9N2pQPmHz4xpnSrrfCvy6TVVz5d4PdrjeshsWQwpZsZGzvbdAdN8MKV5QsBDY"] +["000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "1cWB5HCBdLjAuqGGReWE3R3CguuwSjw6RHn39s2yuDRTS5NsBgNiFpWgAnEx6VQi8csexkgYw3mdYrMHr8x9i7aEwP8kZ7vccXWqKDvGv3u1GxFKPuAkn8JCPPGDMf3vMMnbzm6Nh9zh1gcNsMvH3ZNLmP5fSG6DGbbi2tuwMWPthr4boWwCxf7ewSgNQeacyozhKDDQQ1qL5fQFUW52QKUZDZ5fw3KXNQJMcNTcaB723LchjeKun7MuGW5qyCBZYzA1KjofN1gYBV3NqyhQJ3Ns746GNuf9N2pQPmHz4xpnSrrfCvy6TVVz5d4PdrjeshsWQwpZsZGzvbdAdN8MKV5QsBDY"], +["271F359E", "zzzzy"], +["271F359F", "zzzzz"], +["271F35A0", "211111"], +["271F35A1", "211112"] ] From 635bc58f46b158cd6f77fda80001c2bccd5f83b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C5=91rinc?= Date: Thu, 29 Aug 2024 19:03:40 +0200 Subject: [PATCH 3/4] test: Fuzz Base32/Base58/Base64 roundtrip conversions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit introduces symmetric encode-decode roundtrips for all bases. Minor refactors were also included: • Split each base into a separate fuzz target. • Added symmetric encode-decode roundtrip tests for all bases. • Removed trim testing for encoded_string, as Base58 does not use whitespace padding. • Made comparisons stricter by removing unnecessary lowercase conversions for bases that have mixed-case alphabets. Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com> --- src/test/base58_tests.cpp | 16 ----- src/test/fuzz/base_encode_decode.cpp | 89 ++++++++++++++++++++-------- 2 files changed, 65 insertions(+), 40 deletions(-) diff --git a/src/test/base58_tests.cpp b/src/test/base58_tests.cpp index d0e9d45b417..62db257a78c 100644 --- a/src/test/base58_tests.cpp +++ b/src/test/base58_tests.cpp @@ -82,20 +82,4 @@ BOOST_AUTO_TEST_CASE(base58_DecodeBase58) BOOST_CHECK(!DecodeBase58Check("3vQB7B6MrGQZaxCuFg4oh\0" "0IOl"s, result, 100)); } -BOOST_AUTO_TEST_CASE(base58_random_encode_decode) -{ - for (int n = 0; n < 1000; ++n) { - unsigned int len = 1 + m_rng.randbits(8); - unsigned int zeroes = m_rng.randbool() ? m_rng.randrange(len + 1) : 0; - auto data = Cat(std::vector(zeroes, '\000'), m_rng.randbytes(len - zeroes)); - auto encoded = EncodeBase58Check(data); - std::vector decoded; - auto ok_too_small = DecodeBase58Check(encoded, decoded, m_rng.randrange(len)); - BOOST_CHECK(!ok_too_small); - auto ok = DecodeBase58Check(encoded, decoded, len + m_rng.randrange(257 - len)); - BOOST_CHECK(ok); - BOOST_CHECK(data == decoded); - } -} - BOOST_AUTO_TEST_SUITE_END() diff --git a/src/test/fuzz/base_encode_decode.cpp b/src/test/fuzz/base_encode_decode.cpp index 0cc8cb58862..df3c10b4b1d 100644 --- a/src/test/fuzz/base_encode_decode.cpp +++ b/src/test/fuzz/base_encode_decode.cpp @@ -6,49 +6,90 @@ #include #include +#include #include #include #include -#include #include #include +#include -using util::TrimString; using util::TrimStringView; -FUZZ_TARGET(base_encode_decode) +FUZZ_TARGET(base58_encode_decode) { - const std::string random_encoded_string(buffer.begin(), buffer.end()); + FuzzedDataProvider provider(buffer.data(), buffer.size()); + const std::string random_string{provider.ConsumeRandomLengthString(1000)}; + // Decode/Encode roundtrip std::vector decoded; - if (DecodeBase58(random_encoded_string, decoded, 100)) { - const std::string encoded_string = EncodeBase58(decoded); - assert(encoded_string == TrimStringView(encoded_string)); - assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string))); + if (DecodeBase58(random_string, decoded, 100)) { + const auto encoded_string{EncodeBase58(decoded)}; + assert(encoded_string == TrimStringView(random_string)); + assert(encoded_string.empty() || !DecodeBase58(encoded_string, decoded, provider.ConsumeIntegralInRange(0, decoded.size() - 1))); } + // Encode/Decode roundtrip + const auto encoded{EncodeBase58(buffer)}; + std::vector roundtrip_decoded; + assert(DecodeBase58(encoded, roundtrip_decoded, buffer.size()) + && std::ranges::equal(roundtrip_decoded, buffer)); +} - if (DecodeBase58Check(random_encoded_string, decoded, 100)) { - const std::string encoded_string = EncodeBase58Check(decoded); - assert(encoded_string == TrimString(encoded_string)); - assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string))); - } +FUZZ_TARGET(base58check_encode_decode) +{ + FuzzedDataProvider provider(buffer.data(), buffer.size()); + const std::string random_string{provider.ConsumeRandomLengthString(1000)}; - auto result = DecodeBase32(random_encoded_string); - if (result) { - const std::string encoded_string = EncodeBase32(*result); - assert(encoded_string == TrimStringView(encoded_string)); - assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string))); + // Decode/Encode roundtrip + std::vector decoded; + if (DecodeBase58Check(random_string, decoded, 100)) { + const auto encoded_string{EncodeBase58Check(decoded)}; + assert(encoded_string == TrimStringView(random_string)); + assert(encoded_string.empty() || !DecodeBase58Check(encoded_string, decoded, provider.ConsumeIntegralInRange(0, decoded.size() - 1))); } + // Encode/Decode roundtrip + const auto encoded{EncodeBase58Check(buffer)}; + std::vector roundtrip_decoded; + assert(DecodeBase58Check(encoded, roundtrip_decoded, buffer.size()) + && std::ranges::equal(roundtrip_decoded, buffer)); +} - result = DecodeBase64(random_encoded_string); - if (result) { - const std::string encoded_string = EncodeBase64(*result); - assert(encoded_string == TrimString(encoded_string)); - assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string))); +FUZZ_TARGET(base32_encode_decode) +{ + const std::string random_string{buffer.begin(), buffer.end()}; + + // Decode/Encode roundtrip + if (auto result{DecodeBase32(random_string)}) { + const auto encoded_string{EncodeBase32(*result)}; + assert(encoded_string == ToLower(TrimStringView(random_string))); } + // Encode/Decode roundtrip + const auto encoded{EncodeBase32(buffer)}; + const auto decoded{DecodeBase32(encoded)}; + assert(decoded && std::ranges::equal(*decoded, buffer)); +} + +FUZZ_TARGET(base64_encode_decode) +{ + const std::string random_string{buffer.begin(), buffer.end()}; + + // Decode/Encode roundtrip + if (auto result{DecodeBase64(random_string)}) { + const auto encoded_string{EncodeBase64(*result)}; + assert(encoded_string == TrimStringView(random_string)); + } + // Encode/Decode roundtrip + const auto encoded{EncodeBase64(buffer)}; + const auto decoded{DecodeBase64(encoded)}; + assert(decoded && std::ranges::equal(*decoded, buffer)); +} + +FUZZ_TARGET(psbt_base64_decode) +{ + const std::string random_string{buffer.begin(), buffer.end()}; PartiallySignedTransaction psbt; std::string error; - (void)DecodeBase64PSBT(psbt, random_encoded_string, error); + assert(DecodeBase64PSBT(psbt, random_string, error) == error.empty()); } From f919d919eb8425ef2bb25aa0ebf61c90ab9b07fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C5=91rinc?= Date: Fri, 27 Dec 2024 22:16:25 +0100 Subject: [PATCH 4/4] fuzz: Add fuzzing for max_ret_len in DecodeBase58/DecodeBase58Check Different values are used for max_ret_len throughout the codebase (e.g., 21, 34, 78). Theoretically, negative and zero values are also permitted. Let's stress-test those as well. Co-authored-by: brunoerg --- src/test/fuzz/base_encode_decode.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test/fuzz/base_encode_decode.cpp b/src/test/fuzz/base_encode_decode.cpp index df3c10b4b1d..06b249fb8d3 100644 --- a/src/test/fuzz/base_encode_decode.cpp +++ b/src/test/fuzz/base_encode_decode.cpp @@ -21,10 +21,11 @@ FUZZ_TARGET(base58_encode_decode) { FuzzedDataProvider provider(buffer.data(), buffer.size()); const std::string random_string{provider.ConsumeRandomLengthString(1000)}; + const int max_ret_len{provider.ConsumeIntegralInRange(-1, 1000)}; // Decode/Encode roundtrip std::vector decoded; - if (DecodeBase58(random_string, decoded, 100)) { + if (DecodeBase58(random_string, decoded, max_ret_len)) { const auto encoded_string{EncodeBase58(decoded)}; assert(encoded_string == TrimStringView(random_string)); assert(encoded_string.empty() || !DecodeBase58(encoded_string, decoded, provider.ConsumeIntegralInRange(0, decoded.size() - 1))); @@ -40,10 +41,11 @@ FUZZ_TARGET(base58check_encode_decode) { FuzzedDataProvider provider(buffer.data(), buffer.size()); const std::string random_string{provider.ConsumeRandomLengthString(1000)}; + const int max_ret_len{provider.ConsumeIntegralInRange(-1, 1000)}; // Decode/Encode roundtrip std::vector decoded; - if (DecodeBase58Check(random_string, decoded, 100)) { + if (DecodeBase58Check(random_string, decoded, max_ret_len)) { const auto encoded_string{EncodeBase58Check(decoded)}; assert(encoded_string == TrimStringView(random_string)); assert(encoded_string.empty() || !DecodeBase58Check(encoded_string, decoded, provider.ConsumeIntegralInRange(0, decoded.size() - 1)));