mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 13:43:47 +01:00
Three more fuzzers: consensus, hsdesc, intro points
This commit is contained in:
parent
83e9918107
commit
b1567cf500
@ -1172,6 +1172,12 @@ tor_version_is_obsolete(const char *myversion, const char *versionlist)
|
||||
return ret;
|
||||
}
|
||||
|
||||
MOCK_IMPL(STATIC int,
|
||||
signed_digest_equals, (const uint8_t *d1, const uint8_t *d2, size_t len))
|
||||
{
|
||||
return tor_memeq(d1, d2, len);
|
||||
}
|
||||
|
||||
/** Check whether the object body of the token in <b>tok</b> has a good
|
||||
* signature for <b>digest</b> using key <b>pkey</b>.
|
||||
* If <b>CST_NO_CHECK_OBJTYPE</b> is set, do not check
|
||||
@ -1214,7 +1220,8 @@ check_signature_token(const char *digest,
|
||||
}
|
||||
// log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
|
||||
// hex_str(signed_digest,4));
|
||||
if (tor_memneq(digest, signed_digest, digest_len)) {
|
||||
if (! signed_digest_equals((const uint8_t *)digest,
|
||||
(const uint8_t *)signed_digest, digest_len)) {
|
||||
log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
|
||||
tor_free(signed_digest);
|
||||
return -1;
|
||||
|
@ -123,6 +123,8 @@ MOCK_DECL(STATIC void,dump_desc,(const char *desc, const char *type));
|
||||
MOCK_DECL(STATIC int, router_compute_hash_final,(char *digest,
|
||||
const char *start, size_t len,
|
||||
digest_algorithm_t alg));
|
||||
MOCK_DECL(STATIC int, signed_digest_equals,
|
||||
(const uint8_t *d1, const uint8_t *d2, size_t len));
|
||||
#endif
|
||||
|
||||
#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"
|
||||
|
52
src/test/fuzz/dict/consensus
Normal file
52
src/test/fuzz/dict/consensus
Normal file
@ -0,0 +1,52 @@
|
||||
"a"
|
||||
"additional-digest"
|
||||
"additional-signature"
|
||||
"bandwidth-weights"
|
||||
"client-versions"
|
||||
"consensus-digest"
|
||||
"consensus-method"
|
||||
"consensus-methods"
|
||||
"contact"
|
||||
"dir-address"
|
||||
"directory-footer"
|
||||
"directory-signature"
|
||||
"dir-identity-key"
|
||||
"dir-key-certificate-version"
|
||||
"dir-key-certification"
|
||||
"dir-key-crosscert"
|
||||
"dir-key-expires"
|
||||
"dir-key-published"
|
||||
"dir-signing-key"
|
||||
"dir-source"
|
||||
"fingerprint"
|
||||
"fresh-until"
|
||||
"id"
|
||||
"known-flags"
|
||||
"legacy-dir-key"
|
||||
"m"
|
||||
"network-status-version"
|
||||
"opt"
|
||||
"p"
|
||||
"package"
|
||||
"params"
|
||||
"pr"
|
||||
"published"
|
||||
"r"
|
||||
"recommended-client-protocols"
|
||||
"recommended-relay-protocols"
|
||||
"required-client-protocols"
|
||||
"required-relay-protocols"
|
||||
"s"
|
||||
"server-versions"
|
||||
"shared-rand-commit"
|
||||
"shared-rand-current-value"
|
||||
"shared-rand-participate"
|
||||
"shared-rand-previous-value"
|
||||
"signing-ed25519"
|
||||
"v"
|
||||
"valid-after"
|
||||
"valid-until"
|
||||
"vote-digest"
|
||||
"vote-status"
|
||||
"voting-delay"
|
||||
"w"
|
8
src/test/fuzz/dict/hsdescv2
Normal file
8
src/test/fuzz/dict/hsdescv2
Normal file
@ -0,0 +1,8 @@
|
||||
"introduction-points"
|
||||
"permanent-key"
|
||||
"protocol-versions"
|
||||
"publication-time"
|
||||
"rendezvous-service-descriptor"
|
||||
"secret-id-part"
|
||||
"signature"
|
||||
"version"
|
6
src/test/fuzz/dict/iptsv2
Normal file
6
src/test/fuzz/dict/iptsv2
Normal file
@ -0,0 +1,6 @@
|
||||
"introduction-point"
|
||||
"ip-address"
|
||||
"onion-port"
|
||||
"onion-key"
|
||||
"service-key"
|
||||
|
78
src/test/fuzz/fuzz_consensus.c
Normal file
78
src/test/fuzz/fuzz_consensus.c
Normal file
@ -0,0 +1,78 @@
|
||||
/* Copyright (c) 2016, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
#define ROUTERPARSE_PRIVATE
|
||||
#include "or.h"
|
||||
#include "routerparse.h"
|
||||
#include "networkstatus.h"
|
||||
#include "fuzzing.h"
|
||||
|
||||
static void
|
||||
mock_dump_desc__nodump(const char *desc, const char *type)
|
||||
{
|
||||
(void)desc;
|
||||
(void)type;
|
||||
}
|
||||
|
||||
static int
|
||||
mock_router_produce_hash_final__nohash(char *digest,
|
||||
const char *start, size_t len,
|
||||
digest_algorithm_t alg)
|
||||
{
|
||||
(void)start;
|
||||
(void)len;
|
||||
/* we could look at start[..] */
|
||||
if (alg == DIGEST_SHA1)
|
||||
memset(digest, 0x01, 20);
|
||||
else
|
||||
memset(digest, 0x02, 32);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
mock_signed_digest_equals__yes(const uint8_t *d1, const uint8_t *d2,
|
||||
size_t len)
|
||||
{
|
||||
(void) tor_memeq(d1, d2, len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_init(void)
|
||||
{
|
||||
disable_signature_checking();
|
||||
MOCK(dump_desc, mock_dump_desc__nodump);
|
||||
MOCK(router_compute_hash_final, mock_router_produce_hash_final__nohash);
|
||||
MOCK(signed_digest_equals, mock_signed_digest_equals__yes);
|
||||
ed25519_init();
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_cleanup(void)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_main(const uint8_t *data, size_t sz)
|
||||
{
|
||||
networkstatus_t *ns;
|
||||
char *str = tor_memdup_nulterm(data, sz);
|
||||
const char *eos = NULL;
|
||||
networkstatus_type_t tp = NS_TYPE_CONSENSUS;
|
||||
if (tor_memstr(data, MIN(sz, 1024), "tus vote"))
|
||||
tp = NS_TYPE_VOTE;
|
||||
const char *what = (tp == NS_TYPE_CONSENSUS) ? "consensus" : "vote";
|
||||
ns = networkstatus_parse_vote_from_string(str,
|
||||
&eos,
|
||||
tp);
|
||||
if (ns) {
|
||||
log_debug(LD_GENERAL, "Parsing as %s okay", what);
|
||||
networkstatus_vote_free(ns);
|
||||
} else {
|
||||
log_debug(LD_GENERAL, "Parsing as %s failed", what);
|
||||
}
|
||||
tor_free(str);
|
||||
return 0;
|
||||
}
|
||||
|
52
src/test/fuzz/fuzz_hsdescv2.c
Normal file
52
src/test/fuzz/fuzz_hsdescv2.c
Normal file
@ -0,0 +1,52 @@
|
||||
/* Copyright (c) 2016, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
#define ROUTERPARSE_PRIVATE
|
||||
#include "or.h"
|
||||
#include "routerparse.h"
|
||||
#include "rendcommon.h"
|
||||
#include "fuzzing.h"
|
||||
|
||||
static void
|
||||
mock_dump_desc__nodump(const char *desc, const char *type)
|
||||
{
|
||||
(void)desc;
|
||||
(void)type;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_init(void)
|
||||
{
|
||||
disable_signature_checking();
|
||||
MOCK(dump_desc, mock_dump_desc__nodump);
|
||||
ed25519_init();
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_cleanup(void)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_main(const uint8_t *data, size_t sz)
|
||||
{
|
||||
rend_service_descriptor_t *desc = NULL;
|
||||
char desc_id[64];
|
||||
char *ipts = NULL;
|
||||
size_t ipts_size, esize;
|
||||
const char *next;
|
||||
char *str = tor_memdup_nulterm(data, sz);
|
||||
(void) rend_parse_v2_service_descriptor(&desc, desc_id, &ipts, &ipts_size,
|
||||
&esize, &next, str, 1);
|
||||
if (desc) {
|
||||
log_debug(LD_GENERAL, "Parsing okay");
|
||||
rend_service_descriptor_free(desc);
|
||||
} else {
|
||||
log_debug(LD_GENERAL, "Parsing failed");
|
||||
}
|
||||
tor_free(ipts);
|
||||
tor_free(str);
|
||||
return 0;
|
||||
}
|
||||
|
46
src/test/fuzz/fuzz_iptsv2.c
Normal file
46
src/test/fuzz/fuzz_iptsv2.c
Normal file
@ -0,0 +1,46 @@
|
||||
/* Copyright (c) 2016, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
#define ROUTERPARSE_PRIVATE
|
||||
#include "or.h"
|
||||
#include "routerparse.h"
|
||||
#include "rendcommon.h"
|
||||
#include "fuzzing.h"
|
||||
|
||||
static void
|
||||
mock_dump_desc__nodump(const char *desc, const char *type)
|
||||
{
|
||||
(void)desc;
|
||||
(void)type;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_init(void)
|
||||
{
|
||||
disable_signature_checking();
|
||||
MOCK(dump_desc, mock_dump_desc__nodump);
|
||||
ed25519_init();
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_cleanup(void)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
fuzz_main(const uint8_t *data, size_t sz)
|
||||
{
|
||||
rend_service_descriptor_t *desc =
|
||||
tor_malloc_zero(sizeof(rend_service_descriptor_t));
|
||||
const char *str = (const char*) data;
|
||||
int r = rend_parse_introduction_points(desc, str, sz);
|
||||
if (r >= 0) {
|
||||
log_debug(LD_GENERAL, "Parsing okay: %d", r);
|
||||
} else {
|
||||
log_debug(LD_GENERAL, "Parsing failed");
|
||||
}
|
||||
rend_service_descriptor_free(desc);
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user