fuzzing_common.c 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197
  1. /* Copyright (c) 2016-2019, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define CRYPTO_ED25519_PRIVATE
  4. #include "orconfig.h"
  5. #include "core/or/or.h"
  6. #include "lib/err/backtrace.h"
  7. #include "app/config/config.h"
  8. #include "test/fuzz/fuzzing.h"
  9. #include "lib/compress/compress.h"
  10. #include "lib/crypt_ops/crypto_ed25519.h"
  11. #include "lib/crypt_ops/crypto_init.h"
  12. static or_options_t *mock_options = NULL;
  13. static const or_options_t *
  14. mock_get_options(void)
  15. {
  16. return mock_options;
  17. }
  18. static int
  19. mock_crypto_pk_public_checksig__nocheck(const crypto_pk_t *env, char *to,
  20. size_t tolen,
  21. const char *from, size_t fromlen)
  22. {
  23. tor_assert(env && to && from);
  24. (void)fromlen;
  25. /* We could look at from[0..fromlen-1] ... */
  26. tor_assert(tolen >= crypto_pk_keysize(env));
  27. size_t siglen = MIN(20, crypto_pk_keysize(env));
  28. memset(to, 0x01, siglen);
  29. return (int)siglen;
  30. }
  31. static int
  32. mock_crypto_pk_public_checksig_digest__nocheck(crypto_pk_t *env,
  33. const char *data,
  34. size_t datalen,
  35. const char *sig,
  36. size_t siglen)
  37. {
  38. tor_assert(env && data && sig);
  39. (void)datalen;
  40. (void)siglen;
  41. /* We could look at data[..] and sig[..] */
  42. return 0;
  43. }
  44. static int
  45. mock_ed25519_checksig__nocheck(const ed25519_signature_t *signature,
  46. const uint8_t *msg, size_t len,
  47. const ed25519_public_key_t *pubkey)
  48. {
  49. tor_assert(signature && msg && pubkey);
  50. /* We could look at msg[0..len-1] ... */
  51. (void)len;
  52. return 0;
  53. }
  54. static int
  55. mock_ed25519_checksig_batch__nocheck(int *okay_out,
  56. const ed25519_checkable_t *checkable,
  57. int n_checkable)
  58. {
  59. tor_assert(checkable);
  60. int i;
  61. for (i = 0; i < n_checkable; ++i) {
  62. /* We could look at messages and signatures XXX */
  63. tor_assert(checkable[i].pubkey);
  64. tor_assert(checkable[i].msg);
  65. if (okay_out)
  66. okay_out[i] = 1;
  67. }
  68. return 0;
  69. }
  70. static int
  71. mock_ed25519_impl_spot_check__nocheck(void)
  72. {
  73. return 0;
  74. }
  75. void
  76. disable_signature_checking(void)
  77. {
  78. MOCK(crypto_pk_public_checksig,
  79. mock_crypto_pk_public_checksig__nocheck);
  80. MOCK(crypto_pk_public_checksig_digest,
  81. mock_crypto_pk_public_checksig_digest__nocheck);
  82. MOCK(ed25519_checksig, mock_ed25519_checksig__nocheck);
  83. MOCK(ed25519_checksig_batch, mock_ed25519_checksig_batch__nocheck);
  84. MOCK(ed25519_impl_spot_check, mock_ed25519_impl_spot_check__nocheck);
  85. }
  86. static void
  87. global_init(void)
  88. {
  89. tor_threads_init();
  90. tor_compress_init();
  91. /* Initialise logging first */
  92. init_logging(1);
  93. configure_backtrace_handler(get_version());
  94. if (crypto_global_init(0, NULL, NULL) < 0)
  95. abort();
  96. {
  97. struct sipkey sipkey = { 1337, 7331 };
  98. siphash_unset_global_key();
  99. siphash_set_global_key(&sipkey);
  100. }
  101. /* set up the options. */
  102. mock_options = tor_malloc_zero(sizeof(or_options_t));
  103. MOCK(get_options, mock_get_options);
  104. /* Make BUG() and nonfatal asserts crash */
  105. tor_set_failed_assertion_callback(abort);
  106. /* Make protocol warnings handled correctly. */
  107. init_protocol_warning_severity_level();
  108. }
  109. #ifdef LLVM_FUZZ
  110. int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
  111. int
  112. LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
  113. {
  114. static int initialized = 0;
  115. if (!initialized) {
  116. global_init();
  117. if (fuzz_init() < 0)
  118. abort();
  119. initialized = 1;
  120. }
  121. return fuzz_main(Data, Size);
  122. }
  123. #else /* Not LLVM_FUZZ, so AFL. */
  124. int
  125. main(int argc, char **argv)
  126. {
  127. size_t size;
  128. global_init();
  129. /* Disable logging by default to speed up fuzzing. */
  130. int loglevel = LOG_ERR;
  131. for (int i = 1; i < argc; ++i) {
  132. if (!strcmp(argv[i], "--warn")) {
  133. loglevel = LOG_WARN;
  134. } else if (!strcmp(argv[i], "--notice")) {
  135. loglevel = LOG_NOTICE;
  136. } else if (!strcmp(argv[i], "--info")) {
  137. loglevel = LOG_INFO;
  138. } else if (!strcmp(argv[i], "--debug")) {
  139. loglevel = LOG_DEBUG;
  140. }
  141. }
  142. {
  143. log_severity_list_t s;
  144. memset(&s, 0, sizeof(s));
  145. set_log_severity_config(loglevel, LOG_ERR, &s);
  146. /* ALWAYS log bug warnings. */
  147. s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
  148. add_stream_log(&s, "", fileno(stdout));
  149. }
  150. if (fuzz_init() < 0)
  151. abort();
  152. #ifdef __AFL_HAVE_MANUAL_CONTROL
  153. /* Tell AFL to pause and fork here - ignored if not using AFL */
  154. __AFL_INIT();
  155. #endif
  156. #define MAX_FUZZ_SIZE (128*1024)
  157. char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
  158. tor_assert(input);
  159. char *raw = tor_memdup(input, size); /* Because input is nul-terminated */
  160. tor_free(input);
  161. fuzz_main((const uint8_t*)raw, size);
  162. tor_free(raw);
  163. if (fuzz_cleanup() < 0)
  164. abort();
  165. tor_free(mock_options);
  166. UNMOCK(get_options);
  167. return 0;
  168. }
  169. #endif