fuzz_hsdescv3.c 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. /* Copyright (c) 2017-2019, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define HS_DESCRIPTOR_PRIVATE
  4. #include "core/or/or.h"
  5. #include "trunnel/ed25519_cert.h" /* Trunnel interface. */
  6. #include "lib/crypt_ops/crypto_ed25519.h"
  7. #include "feature/hs/hs_descriptor.h"
  8. #include "feature/dirparse/unparseable.h"
  9. #include "test/fuzz/fuzzing.h"
  10. static void
  11. mock_dump_desc__nodump(const char *desc, const char *type)
  12. {
  13. (void)desc;
  14. (void)type;
  15. }
  16. static int
  17. mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
  18. const size_t crosscert_len,
  19. const crypto_pk_t *rsa_id_key,
  20. const ed25519_public_key_t *master_key,
  21. const time_t reject_if_expired_before)
  22. {
  23. (void) crosscert;
  24. (void) crosscert_len;
  25. (void) rsa_id_key;
  26. (void) master_key;
  27. (void) reject_if_expired_before;
  28. return 0;
  29. }
  30. static size_t
  31. mock_decrypt_desc_layer(const hs_descriptor_t *desc,
  32. const uint8_t *encrypted_blob,
  33. size_t encrypted_blob_size,
  34. const uint8_t *descriptor_cookie,
  35. int is_superencrypted_layer,
  36. char **decrypted_out)
  37. {
  38. (void)is_superencrypted_layer;
  39. (void)desc;
  40. (void)descriptor_cookie;
  41. const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
  42. if (encrypted_blob_size < overhead)
  43. return 0;
  44. *decrypted_out = tor_memdup_nulterm(
  45. encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
  46. encrypted_blob_size - overhead);
  47. size_t result = strlen(*decrypted_out);
  48. if (result) {
  49. return result;
  50. } else {
  51. tor_free(*decrypted_out);
  52. return 0;
  53. }
  54. }
  55. int
  56. fuzz_init(void)
  57. {
  58. disable_signature_checking();
  59. MOCK(dump_desc, mock_dump_desc__nodump);
  60. MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
  61. MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
  62. ed25519_init();
  63. return 0;
  64. }
  65. int
  66. fuzz_cleanup(void)
  67. {
  68. return 0;
  69. }
  70. int
  71. fuzz_main(const uint8_t *data, size_t sz)
  72. {
  73. hs_descriptor_t *desc = NULL;
  74. uint8_t subcredential[DIGEST256_LEN];
  75. char *fuzzing_data = tor_memdup_nulterm(data, sz);
  76. memset(subcredential, 'A', sizeof(subcredential));
  77. hs_desc_decode_descriptor(fuzzing_data, subcredential, NULL, &desc);
  78. if (desc) {
  79. log_debug(LD_GENERAL, "Decoding okay");
  80. hs_descriptor_free(desc);
  81. } else {
  82. log_debug(LD_GENERAL, "Decoding failed");
  83. }
  84. tor_free(fuzzing_data);
  85. return 0;
  86. }