ホーム エクスプローラ ヘルプ
サインイン
piros
/
tor
3
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: ef25f957e7
ブランチ タグ
tor
/
src
/
test
/
fuzz
/
fuzz_hsdescv3.c

fuzz_hsdescv3.c 2.3 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. /* Copyright (c) 2017, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. #define ROUTERPARSE_PRIVATE
    5. 

  5. #define HS_DESCRIPTOR_PRIVATE
    6. 

  6. 

  7. #include "or.h"
    8. 

  8. #include "ed25519_cert.h" /* Trunnel interface. */
    9. 

  9. #include "crypto_ed25519.h"
    10. 

  10. #include "hs_descriptor.h"
    11. 

  11. #include "routerparse.h"
    12. 

  12. #include "util.h"
    13. 

  13. 

  14. #include "fuzzing.h"
    15. 

  15. 

  16. static void
    17. 

  17. mock_dump_desc__nodump(const char *desc, const char *type)
    18. 

  18. {
    19. 

  19.   (void)desc;
    20. 

  20.   (void)type;
    21. 

  21. }
    22. 

  22. 

  23. static int
    24. 

  24. mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
    25. 

  25.                                  const size_t crosscert_len,
    26. 

  26.                                  const crypto_pk_t *rsa_id_key,
    27. 

  27.                                  const ed25519_public_key_t *master_key,
    28. 

  28.                                  const time_t reject_if_expired_before)
    29. 

  29. {
    30. 

  30.   (void) crosscert;
    31. 

  31.   (void) crosscert_len;
    32. 

  32.   (void) rsa_id_key;
    33. 

  33.   (void) master_key;
    34. 

  34.   (void) reject_if_expired_before;
    35. 

  35.   return 0;
    36. 

  36. }
    37. 

  37. 

  38. static size_t
    39. 

  39. mock_decrypt_desc_layer(const hs_descriptor_t *desc,
    40. 

  40.                         const uint8_t *encrypted_blob,
    41. 

  41.                         size_t encrypted_blob_size,
    42. 

  42.                         int is_superencrypted_layer,
    43. 

  43.                         char **decrypted_out)
    44. 

  44. {
    45. 

  45.   (void)is_superencrypted_layer;
    46. 

  46.   (void)desc;
    47. 

  47.   const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
    48. 

  48.   if (encrypted_blob_size < overhead)
    49. 

  49.     return 0;
    50. 

  50.   *decrypted_out = tor_memdup_nulterm(
    51. 

  51.                    encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
    52. 

  52.                    encrypted_blob_size - overhead);
    53. 

  53.   return strlen(*decrypted_out);
    54. 

  54. }
    55. 

  55. 

  56. int
    57. 

  57. fuzz_init(void)
    58. 

  58. {
    59. 

  59.   disable_signature_checking();
    60. 

  60.   MOCK(dump_desc, mock_dump_desc__nodump);
    61. 

  61.   MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
    62. 

  62.   MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
    63. 

  63.   ed25519_init();
    64. 

  64.   return 0;
    65. 

  65. }
    66. 

  66. 

  67. int
    68. 

  68. fuzz_cleanup(void)
    69. 

  69. {
    70. 

  70.   return 0;
    71. 

  71. }
    72. 

  72. 

  73. int
    74. 

  74. fuzz_main(const uint8_t *data, size_t sz)
    75. 

  75. {
    76. 

  76.   hs_descriptor_t *desc = NULL;
    77. 

  77.   uint8_t subcredential[DIGEST256_LEN];
    78. 

  78. 

  79.   char *fuzzing_data = tor_memdup_nulterm(data, sz);
    80. 

  80.   memset(subcredential, 'A', sizeof(subcredential));
    81. 

  81. 

  82.   hs_desc_decode_descriptor(fuzzing_data, subcredential, &desc);
    83. 

  83.   if (desc) {
    84. 

  84.     log_debug(LD_GENERAL, "Decoding okay");
    85. 

  85.     hs_descriptor_free(desc);
    86. 

  86.   } else {
    87. 

  87.     log_debug(LD_GENERAL, "Decoding failed");
    88. 

  88.   }
    89. 

  89. 

  90.   tor_free(fuzzing_data);
    91. 

  91.   return 0;
    92. 

  92. }
    93. 

  93.