fuzz_hsdescv3.c 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. /* Copyright (c) 2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define ROUTERPARSE_PRIVATE
  4. #define HS_DESCRIPTOR_PRIVATE
  5. #include "or.h"
  6. #include "ed25519_cert.h" /* Trunnel interface. */
  7. #include "crypto_ed25519.h"
  8. #include "hs_descriptor.h"
  9. #include "routerparse.h"
  10. #include "util.h"
  11. #include "fuzzing.h"
  12. static void
  13. mock_dump_desc__nodump(const char *desc, const char *type)
  14. {
  15. (void)desc;
  16. (void)type;
  17. }
  18. static int
  19. mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
  20. const size_t crosscert_len,
  21. const crypto_pk_t *rsa_id_key,
  22. const ed25519_public_key_t *master_key,
  23. const time_t reject_if_expired_before)
  24. {
  25. (void) crosscert;
  26. (void) crosscert_len;
  27. (void) rsa_id_key;
  28. (void) master_key;
  29. (void) reject_if_expired_before;
  30. return 0;
  31. }
  32. static size_t
  33. mock_decrypt_desc_layer(const hs_descriptor_t *desc,
  34. const uint8_t *encrypted_blob,
  35. size_t encrypted_blob_size,
  36. int is_superencrypted_layer,
  37. char **decrypted_out)
  38. {
  39. (void)is_superencrypted_layer;
  40. (void)desc;
  41. const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
  42. if (encrypted_blob_size < overhead)
  43. return 0;
  44. *decrypted_out = tor_memdup_nulterm(
  45. encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
  46. encrypted_blob_size - overhead);
  47. size_t result = strlen(*decrypted_out);
  48. if (result) {
  49. return result;
  50. } else {
  51. tor_free(*decrypted_out);
  52. return 0;
  53. }
  54. }
  55. int
  56. fuzz_init(void)
  57. {
  58. disable_signature_checking();
  59. MOCK(dump_desc, mock_dump_desc__nodump);
  60. MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
  61. MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
  62. ed25519_init();
  63. return 0;
  64. }
  65. int
  66. fuzz_cleanup(void)
  67. {
  68. return 0;
  69. }
  70. int
  71. fuzz_main(const uint8_t *data, size_t sz)
  72. {
  73. hs_descriptor_t *desc = NULL;
  74. uint8_t subcredential[DIGEST256_LEN];
  75. char *fuzzing_data = tor_memdup_nulterm(data, sz);
  76. memset(subcredential, 'A', sizeof(subcredential));
  77. hs_desc_decode_descriptor(fuzzing_data, subcredential, &desc);
  78. if (desc) {
  79. log_debug(LD_GENERAL, "Decoding okay");
  80. hs_descriptor_free(desc);
  81. } else {
  82. log_debug(LD_GENERAL, "Decoding failed");
  83. }
  84. tor_free(fuzzing_data);
  85. return 0;
  86. }