fuzz_hsdescv3.c 2.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. /* Copyright (c) 2017-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define ROUTERPARSE_PRIVATE
  4. #define HS_DESCRIPTOR_PRIVATE
  5. #include "core/or/or.h"
  6. #include "trunnel/ed25519_cert.h" /* Trunnel interface. */
  7. #include "lib/crypt_ops/crypto_ed25519.h"
  8. #include "feature/hs/hs_descriptor.h"
  9. #include "feature/nodelist/routerparse.h"
  10. #include "test/fuzz/fuzzing.h"
  11. static void
  12. mock_dump_desc__nodump(const char *desc, const char *type)
  13. {
  14. (void)desc;
  15. (void)type;
  16. }
  17. static int
  18. mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
  19. const size_t crosscert_len,
  20. const crypto_pk_t *rsa_id_key,
  21. const ed25519_public_key_t *master_key,
  22. const time_t reject_if_expired_before)
  23. {
  24. (void) crosscert;
  25. (void) crosscert_len;
  26. (void) rsa_id_key;
  27. (void) master_key;
  28. (void) reject_if_expired_before;
  29. return 0;
  30. }
  31. static size_t
  32. mock_decrypt_desc_layer(const hs_descriptor_t *desc,
  33. const uint8_t *encrypted_blob,
  34. size_t encrypted_blob_size,
  35. int is_superencrypted_layer,
  36. char **decrypted_out)
  37. {
  38. (void)is_superencrypted_layer;
  39. (void)desc;
  40. const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
  41. if (encrypted_blob_size < overhead)
  42. return 0;
  43. *decrypted_out = tor_memdup_nulterm(
  44. encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
  45. encrypted_blob_size - overhead);
  46. size_t result = strlen(*decrypted_out);
  47. if (result) {
  48. return result;
  49. } else {
  50. tor_free(*decrypted_out);
  51. return 0;
  52. }
  53. }
  54. int
  55. fuzz_init(void)
  56. {
  57. disable_signature_checking();
  58. MOCK(dump_desc, mock_dump_desc__nodump);
  59. MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
  60. MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
  61. ed25519_init();
  62. return 0;
  63. }
  64. int
  65. fuzz_cleanup(void)
  66. {
  67. return 0;
  68. }
  69. int
  70. fuzz_main(const uint8_t *data, size_t sz)
  71. {
  72. hs_descriptor_t *desc = NULL;
  73. uint8_t subcredential[DIGEST256_LEN];
  74. char *fuzzing_data = tor_memdup_nulterm(data, sz);
  75. memset(subcredential, 'A', sizeof(subcredential));
  76. hs_desc_decode_descriptor(fuzzing_data, subcredential, &desc);
  77. if (desc) {
  78. log_debug(LD_GENERAL, "Decoding okay");
  79. hs_descriptor_free(desc);
  80. } else {
  81. log_debug(LD_GENERAL, "Decoding failed");
  82. }
  83. tor_free(fuzzing_data);
  84. return 0;
  85. }