tests/fuzz: add a fuzz target for hsm_encryption

Signed-off-by: Antoine Poinsot <[email protected]>

tests/fuzz/Makefile

@@ -23,6 +23,7 @@ FUZZ_COMMON_OBJS := \
 	common/derive_basepoints.o			\
 	common/descriptor_checksum.o			\
 	common/fee_states.o				\
+	common/hsm_encryption.o				\
 	common/htlc_state.o				\
 	common/permute_tx.o				\
 	common/initial_channel.o			\

tests/fuzz/fuzz-hsm_encryption.c

@@ -0,0 +1,43 @@
+#include <assert.h>
+#include <tests/fuzz/libfuzz.h>
+
+#include <bitcoin/privkey.h>
+#include <ccan/mem/mem.h>
+#include <ccan/short_types/short_types.h>
+#include <ccan/tal/tal.h>
+#include <common/hsm_encryption.h>
+#include <common/utils.h>
+
+void init(int *argc, char ***argv)
+{
+}
+
+void run(const uint8_t *data, size_t size)
+{
+	/* 4294967295 is crypto_pwhash_argon2id_PASSWD_MAX. libfuzzer won't
+	 * generate inputs that large in practice, but hey. */
+	if (size > 32 && size < 4294967295) {
+		struct secret *hsm_secret, decrypted_hsm_secret, encryption_key;
+		char *passphrase;
+		struct encrypted_hsm_secret encrypted_secret;
+
+		/* Take the first 32 bytes as the plaintext hsm_secret seed,
+		 * and the remaining ones as the passphrase. */
+		hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, 32, 0);
+		passphrase = to_string(NULL, data + 32, size - 32);
+
+		/* A valid seed, a valid passphrase. This should not fail. */
+		assert(!hsm_secret_encryption_key(passphrase, &encryption_key));
+		/* Roundtrip */
+		assert(encrypt_hsm_secret(&encryption_key, hsm_secret,
+					  &encrypted_secret));
+		assert(decrypt_hsm_secret(&encryption_key, &encrypted_secret,
+					  &decrypted_hsm_secret));
+		assert(memeq(hsm_secret->data, sizeof(hsm_secret->data),
+			     decrypted_hsm_secret.data,
+			     sizeof(decrypted_hsm_secret.data)));
+
+		tal_free(hsm_secret);
+		tal_free(passphrase);
+	}
+}