Replace signature-checking and digest-checking while fuzzing

This commit is contained in:
Nick Mathewson 2016-12-13 20:23:16 -05:00
parent e2aeaeb76c
commit 0666928c5c
3 changed files with 126 additions and 3 deletions

View File

@ -1,12 +1,53 @@
#define ROUTERPARSE_PRIVATE
#include "or.h" #include "or.h"
#include "routerparse.h" #include "routerparse.h"
#include "routerlist.h" #include "routerlist.h"
#include "routerkeys.h"
#include "fuzzing.h" #include "fuzzing.h"
static int
mock_check_tap_onion_key_crosscert__nocheck(const uint8_t *crosscert,
int crosscert_len,
const crypto_pk_t *onion_pkey,
const ed25519_public_key_t *master_id_pkey,
const uint8_t *rsa_id_digest)
{
tor_assert(crosscert && onion_pkey && master_id_pkey && rsa_id_digest);
/* we could look at crosscert[..] */
(void) crosscert_len;
return 0;
}
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
(void)desc;
(void)type;
}
static int
mock_router_produce_hash_final__nohash(char *digest,
const char *start, size_t len,
digest_algorithm_t alg)
{
(void)start;
(void)len;
/* we could look at start[..] */
if (alg == DIGEST_SHA1)
memset(digest, 0x01, 20);
else
memset(digest, 0x02, 32);
return 0;
}
int int
fuzz_init(void) fuzz_init(void)
{ {
disable_signature_checking();
MOCK(check_tap_onion_key_crosscert,
mock_check_tap_onion_key_crosscert__nocheck);
MOCK(dump_desc, mock_dump_desc__nodump);
MOCK(router_compute_hash_final, mock_router_produce_hash_final__nohash);
ed25519_init(); ed25519_init();
return 0; return 0;
} }
@ -25,8 +66,12 @@ fuzz_main(const uint8_t *data, size_t sz)
ri = router_parse_entry_from_string((const char *)str, ri = router_parse_entry_from_string((const char *)str,
str+sz, str+sz,
0, 0, 0, NULL); 0, 0, 0, NULL);
if (ri) if (ri) {
log_debug(LD_GENERAL, "Parsing okay");
routerinfo_free(ri); routerinfo_free(ri);
} else {
log_debug(LD_GENERAL, "Parsing failed");
}
return 0; return 0;
} }

View File

@ -5,4 +5,6 @@ int fuzz_init(void);
int fuzz_cleanup(void); int fuzz_cleanup(void);
int fuzz_main(const uint8_t *data, size_t sz); int fuzz_main(const uint8_t *data, size_t sz);
void disable_signature_checking(void);
#endif /* FUZZING_H */ #endif /* FUZZING_H */

View File

@ -1,13 +1,88 @@
#define CRYPTO_ED25519_PRIVATE
#include "orconfig.h" #include "orconfig.h"
#include "or.h" #include "or.h"
#include "backtrace.h" #include "backtrace.h"
#include "config.h" #include "config.h"
#include "fuzzing.h" #include "fuzzing.h"
#include "crypto.h"
#include "crypto_ed25519.h"
extern const char tor_git_revision[]; extern const char tor_git_revision[];
const char tor_git_revision[] = ""; const char tor_git_revision[] = "";
#define MAX_FUZZ_SIZE (128*1024) static int
mock_crypto_pk_public_checksig__nocheck(const crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen)
{
tor_assert(env && to && from);
(void)fromlen;
/* We could look at from[0..fromlen-1] ... */
tor_assert(tolen >= crypto_pk_keysize(env));
memset(to, 0x01, 20);
return 20;
}
static int
mock_crypto_pk_public_checksig_digest__nocheck(crypto_pk_t *env,
const char *data,
size_t datalen,
const char *sig,
size_t siglen)
{
tor_assert(env && data && sig);
(void)datalen;
(void)siglen;
/* We could look at data[..] and sig[..] */
return 0;
}
static int
mock_ed25519_checksig__nocheck(const ed25519_signature_t *signature,
const uint8_t *msg, size_t len,
const ed25519_public_key_t *pubkey)
{
tor_assert(signature && msg && pubkey);
/* We could look at msg[0..len-1] ... */
(void)len;
return 0;
}
static int
mock_ed25519_checksig_batch__nocheck(int *okay_out,
const ed25519_checkable_t *checkable,
int n_checkable)
{
tor_assert(checkable);
int i;
for (i = 0; i < n_checkable; ++i) {
/* We could look at messages and signatures XXX */
tor_assert(checkable[i].pubkey);
tor_assert(checkable[i].msg);
if (okay_out)
okay_out[i] = 1;
}
return 0;
}
static int
mock_ed25519_impl_spot_check__nocheck(void)
{
return 0;
}
void
disable_signature_checking(void)
{
MOCK(crypto_pk_public_checksig,
mock_crypto_pk_public_checksig__nocheck);
MOCK(crypto_pk_public_checksig_digest,
mock_crypto_pk_public_checksig_digest__nocheck);
MOCK(ed25519_checksig, mock_ed25519_checksig__nocheck);
MOCK(ed25519_checksig_batch, mock_ed25519_checksig_batch__nocheck);
MOCK(ed25519_impl_spot_check, mock_ed25519_impl_spot_check__nocheck);
}
#ifdef LLVM_FUZZ #ifdef LLVM_FUZZ
int int
@ -70,6 +145,7 @@ main(int argc, char **argv)
__AFL_INIT(); __AFL_INIT();
#endif #endif
#define MAX_FUZZ_SIZE (128*1024)
char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size); char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
tor_assert(input); tor_assert(input);
fuzz_main((const uint8_t*)input, size); fuzz_main((const uint8_t*)input, size);