Commit 97347b11 authored by haxxpop's avatar haxxpop
Browse files

Fuzz outer layer of hsv3 descriptor 

The code in fuzz_hsdescv3.c fuzzes the unencrypted layer of the hsv3
descriptor. We need to fuzz the encrypted layer later.
parent c860282f

scripts/codegen/fuzzing_include_am.py

+1 −0
Original line number Diff line number Diff line
@@ -7,6 +7,7 @@ FUZZERS = """ 
	diff-apply

	extrainfo

	hsdescv2

	hsdescv3

	http

	iptsv2

	microdesc

src/test/fuzz/dict/hsdescv3

0 → 100644
+6 −0
Original line number Diff line number Diff line 
"hs-descriptor"

"descriptor-lifetime"

"descriptor-signing-key-cert"

"revision-counter"

"superencrypted"

"signature"

src/test/fuzz/fuzz_hsdescv3.c

0 → 100644
+71 −0
Original line number Diff line number Diff line 
/* Copyright (c) 2017, The Tor Project, Inc. */

/* See LICENSE for licensing information */



#define ROUTERPARSE_PRIVATE

#define HS_DESCRIPTOR_PRIVATE



#include "crypto_ed25519.h"

#include "hs_descriptor.h"

#include "routerparse.h"

#include "util.h"

#include "torcert.h"



#include "fuzzing.h"



static void

mock_dump_desc__nodump(const char *desc, const char *type)

{

  (void)desc;

  (void)type;

}



static int

mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,

                                 const size_t crosscert_len,

                                 const crypto_pk_t *rsa_id_key,

                                 const ed25519_public_key_t *master_key,

                                 const time_t reject_if_expired_before)

{

  (void) crosscert;

  (void) crosscert_len;

  (void) rsa_id_key;

  (void) master_key;

  (void) reject_if_expired_before;

  return 0;

}



int

fuzz_init(void)

{

  disable_signature_checking();

  MOCK(dump_desc, mock_dump_desc__nodump);

  MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);

  ed25519_init();

  return 0;

}



int

fuzz_cleanup(void)

{

  return 0;

}



int

fuzz_main(const uint8_t *data, size_t sz)

{

  hs_descriptor_t *desc = NULL;



  char *fuzzing_data = tor_memdup_nulterm(data, sz);



  hs_desc_decode_descriptor(fuzzing_data, NULL, &desc);

  if (desc) {

    log_debug(LD_GENERAL, "Decoding okay");

    hs_descriptor_free(desc);

  } else {

    log_debug(LD_GENERAL, "Decoding failed");

  }



  tor_free(fuzzing_data);

  return 0;

}

src/test/fuzz/include.am

+23 −0
Original line number Diff line number Diff line
@@ -94,6 +94,14 @@ src_test_fuzz_fuzz_hsdescv2_CFLAGS = $(FUZZING_CFLAGS) 
src_test_fuzz_fuzz_hsdescv2_LDFLAGS = $(FUZZING_LDFLAG)

src_test_fuzz_fuzz_hsdescv2_LDADD = $(FUZZING_LIBS)



src_test_fuzz_fuzz_hsdescv3_SOURCES = \

	src/test/fuzz/fuzzing_common.c \

	src/test/fuzz/fuzz_hsdescv3.c

src_test_fuzz_fuzz_hsdescv3_CPPFLAGS = $(FUZZING_CPPFLAGS)

src_test_fuzz_fuzz_hsdescv3_CFLAGS = $(FUZZING_CFLAGS)

src_test_fuzz_fuzz_hsdescv3_LDFLAGS = $(FUZZING_LDFLAG)

src_test_fuzz_fuzz_hsdescv3_LDADD = $(FUZZING_LIBS)



src_test_fuzz_fuzz_http_SOURCES = \

	src/test/fuzz/fuzzing_common.c \

	src/test/fuzz/fuzz_http.c
@@ -133,6 +141,7 @@ FUZZERS = \ 
	src/test/fuzz/fuzz-diff-apply \

	src/test/fuzz/fuzz-extrainfo \

	src/test/fuzz/fuzz-hsdescv2 \

	src/test/fuzz/fuzz-hsdescv3 \

	src/test/fuzz/fuzz-http \

	src/test/fuzz/fuzz-iptsv2 \

	src/test/fuzz/fuzz-microdesc \
@@ -183,6 +192,13 @@ src_test_fuzz_lf_fuzz_hsdescv2_CFLAGS = $(LIBFUZZER_CFLAGS) 
src_test_fuzz_lf_fuzz_hsdescv2_LDFLAGS = $(LIBFUZZER_LDFLAG)

src_test_fuzz_lf_fuzz_hsdescv2_LDADD = $(LIBFUZZER_LIBS)



src_test_fuzz_lf_fuzz_hsdescv3_SOURCES = \

	$(src_test_fuzz_fuzz_hsdescv3_SOURCES)

src_test_fuzz_lf_fuzz_hsdescv3_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)

src_test_fuzz_lf_fuzz_hsdescv3_CFLAGS = $(LIBFUZZER_CFLAGS)

src_test_fuzz_lf_fuzz_hsdescv3_LDFLAGS = $(LIBFUZZER_LDFLAG)

src_test_fuzz_lf_fuzz_hsdescv3_LDADD = $(LIBFUZZER_LIBS)



src_test_fuzz_lf_fuzz_http_SOURCES = \

	$(src_test_fuzz_fuzz_http_SOURCES)

src_test_fuzz_lf_fuzz_http_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
@@ -218,6 +234,7 @@ LIBFUZZER_FUZZERS = \ 
	src/test/fuzz/lf-fuzz-diff-apply \

	src/test/fuzz/lf-fuzz-extrainfo \

	src/test/fuzz/lf-fuzz-hsdescv2 \

	src/test/fuzz/lf-fuzz-hsdescv3 \

	src/test/fuzz/lf-fuzz-http \

	src/test/fuzz/lf-fuzz-iptsv2 \

	src/test/fuzz/lf-fuzz-microdesc \
@@ -260,6 +277,11 @@ src_test_fuzz_liboss_fuzz_hsdescv2_a_SOURCES = \ 
src_test_fuzz_liboss_fuzz_hsdescv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)

src_test_fuzz_liboss_fuzz_hsdescv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)



src_test_fuzz_liboss_fuzz_hsdescv3_a_SOURCES = \

	$(src_test_fuzz_fuzz_hsdescv3_SOURCES)

src_test_fuzz_liboss_fuzz_hsdescv3_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)

src_test_fuzz_liboss_fuzz_hsdescv3_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)



src_test_fuzz_liboss_fuzz_http_a_SOURCES = \

	$(src_test_fuzz_fuzz_http_SOURCES)

src_test_fuzz_liboss_fuzz_http_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
@@ -287,6 +309,7 @@ OSS_FUZZ_FUZZERS = \ 
	src/test/fuzz/liboss-fuzz-diff-apply.a \

	src/test/fuzz/liboss-fuzz-extrainfo.a \

	src/test/fuzz/liboss-fuzz-hsdescv2.a \

	src/test/fuzz/liboss-fuzz-hsdescv3.a \

	src/test/fuzz/liboss-fuzz-http.a \

	src/test/fuzz/liboss-fuzz-iptsv2.a \

	src/test/fuzz/liboss-fuzz-microdesc.a \