tests/fuzz: add fuzz testing on secured data functions (issue #1462)

doc/en/weechat_dev.en.adoc

@@ -422,6 +422,7 @@ WeeChat "core" is located in following directories:
 |       core/                                     | Root of fuzz testing for core.
 |          calc-fuzzer.c                          | Fuzz testing: calculation of expressions.
 |          crypto-fuzzer.c                        | Fuzz testing: cryptographic functions.
+|          secure-fuzzer.c                        | Fuzz testing: secured data.
 |          string-fuzzer.c                        | Fuzz testing: strings.
 |          utf8-fuzzer.c                          | Fuzz testing: UTF-8.
 |          util-fuzzer.c                          | Fuzz testing: utility functions.

doc/fr/weechat_dev.fr.adoc

@@ -423,6 +423,7 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
 |       core/                                     | Racine du fuzzing pour le cœur.
 |          calc-fuzzer.c                          | Fuzzing : calcul d'expressions.
 |          crypto-fuzzer.c                        | Fuzzing : fonctions cryptographiques.
+|          secure-fuzzer.c                        | Fuzzing : données sécurisées.
 |          string-fuzzer.c                        | Fuzzing : chaînes.
 |          utf8-fuzzer.c                          | Fuzzing : UTF-8.
 |          util-fuzzer.c                          | Fuzzing : fonctions utiles.

doc/ja/weechat_dev.ja.adoc

@@ -471,6 +471,8 @@ WeeChat "core" は以下のディレクトリに配置されています:
 // TRANSLATION MISSING
 |          crypto-fuzzer.c                        | Fuzz testing: cryptographic functions.
 // TRANSLATION MISSING
+|          secure-fuzzer.c                        | Fuzz testing: secured data.
+// TRANSLATION MISSING
 |          string-fuzzer.c                        | Fuzz testing: 文字列
 // TRANSLATION MISSING
 |          utf8-fuzzer.c                          | Fuzz testing: UTF-8.

doc/sr/weechat_dev.sr.adoc

@@ -437,6 +437,8 @@ WeeChat „језгро” се налази у следећим директо
 // TRANSLATION MISSING
 |          crypto-fuzzer.c                        | Fuzz testing: криптографске функције.
 // TRANSLATION MISSING
+|          secure-fuzzer.c                        | Fuzz testing: secured data.
+// TRANSLATION MISSING
 |          string-fuzzer.c                        | Fuzz testing: стрингови.
 // TRANSLATION MISSING
 |          utf8-fuzzer.c                          | Fuzz testing: UTF-8.

tests/fuzz/CMakeLists.txt

@@ -93,7 +93,7 @@ list(APPEND FUZZ_TARGET_DEPS
 )
 
 # fuzz targets
-set(FUZZ_CORE_TARGETS calc crypto string utf8 util)
+set(FUZZ_CORE_TARGETS calc crypto secure string utf8 util)
 
 foreach(fuzz_target ${FUZZ_CORE_TARGETS})
   add_executable(weechat_core_${fuzz_target}_fuzzer core/${fuzz_target}-fuzzer.cc)

tests/fuzz/core/secure-fuzzer.cc

@@ -0,0 +1,91 @@
+/*
+ * SPDX-FileCopyrightText: 2025 Sébastien Helleu <flashcode@flashtux.org>
+ *
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ *
+ * This file is part of WeeChat, the extensible chat client.
+ *
+ * WeeChat is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * WeeChat is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with WeeChat.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/* Fuzz testing on WeeChat core secured data functions */
+
+extern "C"
+{
+#include <stdlib.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <assert.h>
+
+#include <gcrypt.h>
+
+#include "src/core/core-config.h"
+#include "src/core/core-secure.h"
+#include "src/core/core-secure-config.h"
+#include "src/core/core-string.h"
+
+extern int secure_derive_key (const char *salt, const char *passphrase,
+                              unsigned char *key, int length_key);
+}
+
+extern "C" int
+LLVMFuzzerInitialize (int *argc, char ***argv)
+{
+    /* make C++ compiler happy */
+    (void) argc;
+    (void) argv;
+
+    string_init ();
+    secure_init ();
+    secure_config_init ();
+    config_weechat_init ();
+
+    return 0;
+}
+
+extern "C" int
+LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
+{
+    char *str, hash[1024], *encrypted, *decrypted;
+    int length_encrypted, length_decrypted;
+
+    str = (char *)malloc (size + 1);
+    memcpy (str, data, size);
+    str[size] = '\0';
+
+    secure_derive_key (str, str, (unsigned char *)hash, sizeof (hash));
+
+    if (size > 0)
+    {
+        encrypted = NULL;
+        decrypted = NULL;
+        config_file_option_set (secure_config_crypt_salt, "on", 1);
+        secure_encrypt_data (str, size, GCRY_MD_SHA512, GCRY_CIPHER_AES256, "test", &encrypted, &length_encrypted);
+        secure_decrypt_data (encrypted, length_encrypted, GCRY_MD_SHA512, GCRY_CIPHER_AES256, "test", &decrypted, &length_decrypted);
+        assert ((size_t)length_decrypted == size);
+        assert (memcmp (decrypted, str, length_decrypted) == 0);
+        free (encrypted);
+        free (decrypted);
+        config_file_option_set (secure_config_crypt_salt, "off", 1);
+        encrypted = NULL;
+        secure_encrypt_data (str, size, GCRY_MD_SHA512, GCRY_CIPHER_AES256, "test", &encrypted, &length_encrypted);
+        free (encrypted);
+        config_file_option_reset (secure_config_crypt_salt, 1);
+    }
+
+    free (str);
+
+    return 0;
+}