diff --git a/src/test/fuzz/fuzz_descriptor.c b/src/test/fuzz/fuzz_descriptor.c index 12297fdfc2..563787b7cc 100644 --- a/src/test/fuzz/fuzz_descriptor.c +++ b/src/test/fuzz/fuzz_descriptor.c @@ -1,12 +1,53 @@ - +#define ROUTERPARSE_PRIVATE #include "or.h" #include "routerparse.h" #include "routerlist.h" +#include "routerkeys.h" #include "fuzzing.h" +static int +mock_check_tap_onion_key_crosscert__nocheck(const uint8_t *crosscert, + int crosscert_len, + const crypto_pk_t *onion_pkey, + const ed25519_public_key_t *master_id_pkey, + const uint8_t *rsa_id_digest) +{ + tor_assert(crosscert && onion_pkey && master_id_pkey && rsa_id_digest); + /* we could look at crosscert[..] */ + (void) crosscert_len; + return 0; +} + +static void +mock_dump_desc__nodump(const char *desc, const char *type) +{ + (void)desc; + (void)type; +} + +static int +mock_router_produce_hash_final__nohash(char *digest, + const char *start, size_t len, + digest_algorithm_t alg) +{ + (void)start; + (void)len; + /* we could look at start[..] */ + if (alg == DIGEST_SHA1) + memset(digest, 0x01, 20); + else + memset(digest, 0x02, 32); + return 0; +} + int fuzz_init(void) { + disable_signature_checking(); + MOCK(check_tap_onion_key_crosscert, + mock_check_tap_onion_key_crosscert__nocheck); + MOCK(dump_desc, mock_dump_desc__nodump); + MOCK(router_compute_hash_final, mock_router_produce_hash_final__nohash); ed25519_init(); return 0; } @@ -25,8 +66,12 @@ fuzz_main(const uint8_t *data, size_t sz) ri = router_parse_entry_from_string((const char *)str, str+sz, 0, 0, 0, NULL); - if (ri) + if (ri) { + log_debug(LD_GENERAL, "Parsing okay"); routerinfo_free(ri); + } else { + log_debug(LD_GENERAL, "Parsing failed"); + } return 0; } diff --git a/src/test/fuzz/fuzzing.h b/src/test/fuzz/fuzzing.h index 794ed1461e..a8cbb1d9e8 100644 --- a/src/test/fuzz/fuzzing.h +++ b/src/test/fuzz/fuzzing.h @@ -5,4 +5,6 @@ int fuzz_init(void); int fuzz_cleanup(void); int fuzz_main(const uint8_t *data, size_t sz); +void disable_signature_checking(void); + #endif /* FUZZING_H */ diff --git a/src/test/fuzz/fuzzing_common.c b/src/test/fuzz/fuzzing_common.c index 87affc4c04..e17bae3565 100644 --- a/src/test/fuzz/fuzzing_common.c +++ b/src/test/fuzz/fuzzing_common.c @@ -1,13 +1,88 @@ +#define CRYPTO_ED25519_PRIVATE #include "orconfig.h" #include "or.h" #include "backtrace.h" #include "config.h" #include "fuzzing.h" +#include "crypto.h" +#include "crypto_ed25519.h" extern const char tor_git_revision[]; const char tor_git_revision[] = ""; -#define MAX_FUZZ_SIZE (128*1024) +static int +mock_crypto_pk_public_checksig__nocheck(const crypto_pk_t *env, char *to, + size_t tolen, + const char *from, size_t fromlen) +{ + tor_assert(env && to && from); + (void)fromlen; + /* We could look at from[0..fromlen-1] ... */ + tor_assert(tolen >= crypto_pk_keysize(env)); + memset(to, 0x01, 20); + return 20; +} + +static int +mock_crypto_pk_public_checksig_digest__nocheck(crypto_pk_t *env, + const char *data, + size_t datalen, + const char *sig, + size_t siglen) +{ + tor_assert(env && data && sig); + (void)datalen; + (void)siglen; + /* We could look at data[..] and sig[..] */ + return 0; +} + +static int +mock_ed25519_checksig__nocheck(const ed25519_signature_t *signature, + const uint8_t *msg, size_t len, + const ed25519_public_key_t *pubkey) +{ + tor_assert(signature && msg && pubkey); + /* We could look at msg[0..len-1] ... */ + (void)len; + return 0; +} + +static int +mock_ed25519_checksig_batch__nocheck(int *okay_out, + const ed25519_checkable_t *checkable, + int n_checkable) +{ + tor_assert(checkable); + int i; + for (i = 0; i < n_checkable; ++i) { + /* We could look at messages and signatures XXX */ + tor_assert(checkable[i].pubkey); + tor_assert(checkable[i].msg); + if (okay_out) + okay_out[i] = 1; + } + return 0; +} + +static int +mock_ed25519_impl_spot_check__nocheck(void) +{ + return 0; +} + + +void +disable_signature_checking(void) +{ + MOCK(crypto_pk_public_checksig, + mock_crypto_pk_public_checksig__nocheck); + MOCK(crypto_pk_public_checksig_digest, + mock_crypto_pk_public_checksig_digest__nocheck); + MOCK(ed25519_checksig, mock_ed25519_checksig__nocheck); + MOCK(ed25519_checksig_batch, mock_ed25519_checksig_batch__nocheck); + MOCK(ed25519_impl_spot_check, mock_ed25519_impl_spot_check__nocheck); +} #ifdef LLVM_FUZZ int @@ -70,6 +145,7 @@ main(int argc, char **argv) __AFL_INIT(); #endif +#define MAX_FUZZ_SIZE (128*1024) char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size); tor_assert(input); fuzz_main((const uint8_t*)input, size);