[cryptofuzz] Multiple updates (#4567)

* [wolfCrypt] Enable more wolfCrypt features

* [cryptofuzz] Add Monocypher

* [cryptofuzz] Update Boost to v1.74

* [cryptofuzz] Improve Botan build time

* [cryptofuzz] Improve Crypto++ build time

* [cryptofuzz] wolfCrypt: Add build option required for ECDSA signing

* [cryptofuzz] Reference Nettle's libhogweed.a

This is required for Nettle ECC operations.

* [cryptofuzz] wolfCrypt: Enable XCHACHA

2 files changed, 30 insertions, 6 deletions

diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile
index 2ffe8329f..94b03c2cf 100644
--- a/projects/cryptofuzz/Dockerfile
+++ b/projects/cryptofuzz/Dockerfile
@@ -21,7 +21,7 @@ RUN apt-get update && \
     wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | apt-key add - && \
     apt-add-repository 'deb https://apt.kitware.com/ubuntu/ xenial main' && \
     apt-get update && \
-    apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo
+    apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo
 
 # BoringSSL needs Go to build
 RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
@@ -55,7 +55,9 @@ RUN git clone --depth 1 https://github.com/indutny/bn.js.git
 RUN git clone --depth 1 https://github.com/MikeMcl/bignumber.js.git
 RUN git clone --depth 1 https://github.com/guidovranken/libfuzzer-js.git
 RUN git clone --depth 1 https://github.com/brix/crypto-js.git
+RUN git clone --depth 1 https://github.com/LoupVaillant/Monocypher.git
 RUN apt-get remove -y libunwind8
 RUN apt-get install -y libssl-dev
+RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2
 
 COPY build.sh xxd.c $SRC/
diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh
index 878bdd960..90134bde2 100755
--- a/projects/cryptofuzz/build.sh
+++ b/projects/cryptofuzz/build.sh
@@ -21,6 +21,14 @@
 # Compile xxd
 $CC $SRC/xxd.c -o /usr/bin/xxd
 
+# Install Boost headers
+cd $SRC/
+tar jxf boost_1_74_0.tar.bz2
+cd boost_1_74_0/
+CFLAGS="" CXXFLAGS="" ./bootstrap.sh
+CFLAGS="" CXXFLAGS="" ./b2 headers
+cp -R boost/ /usr/include/
+
 export LINK_FLAGS=""
 export INCLUDE_PATH_FLAGS=""
 
@@ -109,6 +117,16 @@ then
     make -B
 fi
 
+# Compile Monocypher
+cd $SRC/Monocypher/
+make CC="$CC" CFLAGS="$CFLAGS"
+export LIBMONOCYPHER_A_PATH=$(realpath lib/libmonocypher.a)
+export MONOCYPHER_INCLUDE_PATH=$(realpath src/)
+export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_MONOCYPHER"
+
+# Compile Cryptofuzz monocypher module
+cd $SRC/cryptofuzz/modules/monocypher
+make -B
 
 # Compile libtomcrypt
 cd $SRC/libtomcrypt
@@ -161,8 +179,10 @@ make install
 if [[ $CFLAGS != *-m32* ]]
 then
 export LIBNETTLE_A_PATH=`realpath ../nettle-install/lib/libnettle.a`
+export LIBHOGWEED_A_PATH=`realpath ../nettle-install/lib/libhogweed.a`
 else
 export LIBNETTLE_A_PATH=`realpath ../nettle-install/lib32/libnettle.a`
+export LIBHOGWEED_A_PATH=`realpath ../nettle-install/lib32/libhogweed.a`
 fi
 export NETTLE_INCLUDE_PATH=`realpath ../nettle-install/include`
 export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NETTLE"
@@ -223,9 +243,9 @@ export CRYPTOFUZZ_REFERENCE_CITY_O_PATH="$SRC/cityhash/src/city.o"
 cd $SRC/cryptopp
 if [[ $CFLAGS != *sanitize=memory* ]]
 then
-    make -j$(nproc) >/dev/null 2>&1
+    make libcryptopp.a -j$(nproc) >/dev/null 2>&1
 else
-    CXXFLAGS="$CXXFLAGS -DCRYPTOPP_DISABLE_ASM=1" make -j$(nproc) >/dev/null 2>&1
+    CXXFLAGS="$CXXFLAGS -DCRYPTOPP_DISABLE_ASM=1" make libcryptopp.a -j$(nproc) >/dev/null 2>&1
 fi
 
 export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_CRYPTOPP"
@@ -267,9 +287,9 @@ make -B
 cd $SRC/botan
 if [[ $CFLAGS != *-m32* ]]
 then
-    ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator
+    ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
 else
-    ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator
+    ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
 fi
 make -j$(nproc)
 
@@ -418,9 +438,11 @@ fi
 ##############################################################################
 # Compile wolfCrypt
 cd $SRC/wolfssl
+# Enable additional wolfCrypt features which cannot be activated through arguments to ./configure
+export CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K"
 autoreconf -ivf
 
-export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-shake256 --enable-curve25519 --enable-curve448 --disable-crypttests --disable-examples --enable-keygen --enable-compkey --enable-ed448 --enable-ed25519"
+export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-shake256 --enable-curve25519 --enable-curve448 --disable-crypttests --disable-examples --enable-keygen --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha"
 
 if [[ $CFLAGS = *sanitize=memory* ]]
 then