fuzz-tests: Add differential test for HMAC-SHA256

Changelog-Added: Add a differential fuzz test for
HMAC-SHA256, similar to those for SHA256 and RIPEMD160,
to verify CCAN’s implementation against OpenSSL’s.

Author: Chandra Pratap

Makefile

@@ -283,7 +283,7 @@ ifeq ($(STATIC),1)
 # But that doesn't static link.
 LDLIBS = -L$(CPATH) -Wl,-dn $(SQLITE3_LDLIBS) -Wl,-dy -lm -lpthread -ldl $(COVFLAGS)
 else
-LDLIBS = -L$(CPATH) -lm $(SQLITE3_LDLIBS) $(COVFLAGS)
+LDLIBS = -L$(CPATH) -lm $(SQLITE3_LDLIBS) -lcrypto $(COVFLAGS)
 endif
 
 # If we have the postgres client library we need to link against it as well

tests/fuzz/fuzz-hmac-sha256.c

@@ -0,0 +1,87 @@
+/* This is a differential fuzz test comparing CCAN's HMAC‑SHA256 implementation
+ * against OpenSSL's HMAC.
+ */
+#include "config.h"
+#include <assert.h>
+#include <ccan/crypto/hmac_sha256/hmac_sha256.h>
+#include <ccan/mem/mem.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#include <tests/fuzz/libfuzz.h>
+
+/* Fixed key for testing purposes */
+static const unsigned char hmac_key[] = "fuzz";
+static const size_t hmac_key_len = sizeof(hmac_key) - 1;
+
+static EVP_MAC *hmac_sha256_algo;
+
+void init(int *argc, char ***argv)
+{
+    hmac_sha256_algo = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    assert(hmac_sha256_algo);
+}
+
+/* Test that splitting the data and updating via multiple calls yields the same
+ * result as processing the data in a single pass.
+ */
+static void test_split_update(int num_splits, const struct hmac_sha256 *expected,
+                              const u8 *data, size_t size)
+{
+    const size_t split_size = size / (num_splits + 1);
+    struct hmac_sha256_ctx ctx;
+    struct hmac_sha256 actual;
+
+    hmac_sha256_init(&ctx, hmac_key, hmac_key_len);
+    for (int i = 0; i < num_splits; ++i) {
+        hmac_sha256_update(&ctx, data, split_size);
+        data += split_size;
+        size -= split_size;
+    }
+    hmac_sha256_update(&ctx, data, size); /* Process remaining data. */
+    hmac_sha256_done(&ctx, &actual);
+    assert(memeq(expected, sizeof(*expected), &actual, sizeof(actual)));
+}
+
+/* Test that the HMAC calculated by CCAN matches OpenSSL's HMAC. */
+static void test_vs_openssl(const struct hmac_sha256 *expected, const u8 *data, size_t size)
+{
+    u8 openssl_hash[SHA256_DIGEST_LENGTH];
+    size_t hash_size;
+    EVP_MAC_CTX *ctx;
+    OSSL_PARAM params[] = {
+        OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0),
+        OSSL_PARAM_END
+    };
+
+    ctx = EVP_MAC_CTX_new(hmac_sha256_algo);
+    assert(ctx);
+
+    assert(EVP_MAC_init(ctx, hmac_key, hmac_key_len, params));
+    assert(EVP_MAC_update(ctx, data, size));
+    assert(EVP_MAC_final(ctx, openssl_hash, &hash_size, sizeof(openssl_hash)));
+    EVP_MAC_CTX_free(ctx);
+
+    assert(hash_size == SHA256_DIGEST_LENGTH);
+    assert(memeq(expected, sizeof(*expected), openssl_hash, sizeof(openssl_hash)));
+}
+
+void run(const u8 *data, size_t size)
+{
+    struct hmac_sha256 expected;
+    u8 num_splits;
+
+    if (size < 1)
+        return;
+
+    num_splits = *data;
+    ++data;
+    --size;
+
+    /* Compute expected HMAC using the one-shot function. */
+    hmac_sha256(&expected, hmac_key, hmac_key_len, data, size);
+
+    test_split_update(num_splits, &expected, data, size);
+    test_vs_openssl(&expected, data, size);
+}
+