Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4593829861
Branches Tags
tor
/
src
/
test
/
fuzz
/
fuzz_hsdescv3.c

fuzz_hsdescv3.c 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. /* Copyright (c) 2017-2018, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. #define ROUTERPARSE_PRIVATE
    5. 

  5. #define HS_DESCRIPTOR_PRIVATE
    6. 

  6. 

  7. #include "or/or.h"
    8. 

  8. #include "trunnel/ed25519_cert.h" /* Trunnel interface. */
    9. 

  9. #include "lib/crypt_ops/crypto_ed25519.h"
    10. 

  10. #include "or/hs_descriptor.h"
    11. 

  11. #include "or/routerparse.h"
    12. 

  12. 

  13. #include "test/fuzz/fuzzing.h"
    14. 

  14. 

  15. static void
    16. 

  16. mock_dump_desc__nodump(const char *desc, const char *type)
    17. 

  17. {
    18. 

  18.   (void)desc;
    19. 

  19.   (void)type;
    20. 

  20. }
    21. 

  21. 

  22. static int
    23. 

  23. mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
    24. 

  24.                                  const size_t crosscert_len,
    25. 

  25.                                  const crypto_pk_t *rsa_id_key,
    26. 

  26.                                  const ed25519_public_key_t *master_key,
    27. 

  27.                                  const time_t reject_if_expired_before)
    28. 

  28. {
    29. 

  29.   (void) crosscert;
    30. 

  30.   (void) crosscert_len;
    31. 

  31.   (void) rsa_id_key;
    32. 

  32.   (void) master_key;
    33. 

  33.   (void) reject_if_expired_before;
    34. 

  34.   return 0;
    35. 

  35. }
    36. 

  36. 

  37. static size_t
    38. 

  38. mock_decrypt_desc_layer(const hs_descriptor_t *desc,
    39. 

  39.                         const uint8_t *encrypted_blob,
    40. 

  40.                         size_t encrypted_blob_size,
    41. 

  41.                         int is_superencrypted_layer,
    42. 

  42.                         char **decrypted_out)
    43. 

  43. {
    44. 

  44.   (void)is_superencrypted_layer;
    45. 

  45.   (void)desc;
    46. 

  46.   const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
    47. 

  47.   if (encrypted_blob_size < overhead)
    48. 

  48.     return 0;
    49. 

  49.   *decrypted_out = tor_memdup_nulterm(
    50. 

  50.                    encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
    51. 

  51.                    encrypted_blob_size - overhead);
    52. 

  52.   size_t result = strlen(*decrypted_out);
    53. 

  53.   if (result) {
    54. 

  54.     return result;
    55. 

  55.   } else {
    56. 

  56.     tor_free(*decrypted_out);
    57. 

  57.     return 0;
    58. 

  58.   }
    59. 

  59. }
    60. 

  60. 

  61. int
    62. 

  62. fuzz_init(void)
    63. 

  63. {
    64. 

  64.   disable_signature_checking();
    65. 

  65.   MOCK(dump_desc, mock_dump_desc__nodump);
    66. 

  66.   MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
    67. 

  67.   MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
    68. 

  68.   ed25519_init();
    69. 

  69.   return 0;
    70. 

  70. }
    71. 

  71. 

  72. int
    73. 

  73. fuzz_cleanup(void)
    74. 

  74. {
    75. 

  75.   return 0;
    76. 

  76. }
    77. 

  77. 

  78. int
    79. 

  79. fuzz_main(const uint8_t *data, size_t sz)
    80. 

  80. {
    81. 

  81.   hs_descriptor_t *desc = NULL;
    82. 

  82.   uint8_t subcredential[DIGEST256_LEN];
    83. 

  83. 

  84.   char *fuzzing_data = tor_memdup_nulterm(data, sz);
    85. 

  85.   memset(subcredential, 'A', sizeof(subcredential));
    86. 

  86. 

  87.   hs_desc_decode_descriptor(fuzzing_data, subcredential, &desc);
    88. 

  88.   if (desc) {
    89. 

  89.     log_debug(LD_GENERAL, "Decoding okay");
    90. 

  90.     hs_descriptor_free(desc);
    91. 

  91.   } else {
    92. 

  92.     log_debug(LD_GENERAL, "Decoding failed");
    93. 

  93.   }
    94. 

  94. 

  95.   tor_free(fuzzing_data);
    96. 

  96.   return 0;
    97. 

  97. }
    98. 

  98.