mirror/tor
0
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 04:12:13 +02:00
Code

Merge remote-tracking branch 'asn-private/hsfuz' into hs_fuzzing

Browse Source
This commit is contained in:
Nick Mathewson 2021-10-15 11:20:06 -04:00
commit 37c0542d0d
6 changed files with 325 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/codegen/fuzzing_include_am.py
View File

@ -14,6 +14,8 @@ FUZZERS = """
diff-apply
extrainfo
hsdescv3
hsdescv3-inner
hsdescv3-middle
http
http-connect
microdesc

16
src/feature/hs/hs_descriptor.c
View File

@ -1607,8 +1607,8 @@ decrypt_desc_layer,(const hs_descriptor_t *desc,
* put in decrypted_out which contains the superencrypted layer of the
* descriptor. Return the length of decrypted_out on success else 0 is
* returned and decrypted_out is set to NULL. */
static size_t
desc_decrypt_superencrypted(const hs_descriptor_t *desc, char **decrypted_out)
MOCK_IMPL(STATIC size_t,
desc_decrypt_superencrypted,(const hs_descriptor_t *desc,char **decrypted_out))
{
size_t superencrypted_len = 0;
char *superencrypted_plaintext = NULL;
@ -1639,10 +1639,10 @@ desc_decrypt_superencrypted(const hs_descriptor_t *desc, char **decrypted_out)
* decrypted_out which contains the encrypted layer of the descriptor.
* Return the length of decrypted_out on success else 0 is returned and
* decrypted_out is set to NULL. */
static size_t
desc_decrypt_encrypted(const hs_descriptor_t *desc,
const curve25519_secret_key_t *client_auth_sk,
char **decrypted_out)
MOCK_IMPL(STATIC size_t,
desc_decrypt_encrypted,(const hs_descriptor_t *desc,
const curve25519_secret_key_t *client_auth_sk,
char **decrypted_out))
{
size_t encrypted_len = 0;
char *encrypted_plaintext = NULL;
@ -2145,7 +2145,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens,
/** Decode the version 3 superencrypted section of the given descriptor desc.
* The desc_superencrypted_out will be populated with the decoded data. */
static hs_desc_decode_status_t
STATIC hs_desc_decode_status_t
desc_decode_superencrypted_v3(const hs_descriptor_t *desc,
hs_desc_superencrypted_data_t *
desc_superencrypted_out)
@ -2259,7 +2259,7 @@ desc_decode_superencrypted_v3(const hs_descriptor_t *desc,
/** Decode the version 3 encrypted section of the given descriptor desc. The
* desc_encrypted_out will be populated with the decoded data. */
static hs_desc_decode_status_t
STATIC hs_desc_decode_status_t
desc_decode_encrypted_v3(const hs_descriptor_t *desc,
const curve25519_secret_key_t *client_auth_sk,
hs_desc_encrypted_data_t *desc_encrypted_out)

19
src/feature/hs/hs_descriptor.h
View File

@ -339,6 +339,25 @@ MOCK_DECL(STATIC size_t, decrypt_desc_layer,(const hs_descriptor_t *desc,
bool is_superencrypted_layer,
char **decrypted_out));
STATIC hs_desc_decode_status_t desc_decode_encrypted_v3(
const hs_descriptor_t *desc,
const curve25519_secret_key_t *client_auth_sk,
hs_desc_encrypted_data_t *desc_encrypted_out);
STATIC hs_desc_decode_status_t
desc_decode_superencrypted_v3(const hs_descriptor_t *desc,
hs_desc_superencrypted_data_t *
desc_superencrypted_out);
MOCK_DECL(STATIC size_t, desc_decrypt_encrypted,(
const hs_descriptor_t *desc,
const curve25519_secret_key_t *client_auth_sk,
char **decrypted_out));
MOCK_DECL(STATIC size_t, desc_decrypt_superencrypted,(
const hs_descriptor_t *desc,
char **decrypted_out));
#endif /* defined(HS_DESCRIPTOR_PRIVATE) */
#endif /* !defined(TOR_HS_DESCRIPTOR_H) */

119
src/test/fuzz/fuzz_hsdescv3_inner.c Normal file
View File

@ -0,0 +1,119 @@
/* Copyright (c) 2017-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define HS_DESCRIPTOR_PRIVATE
#include "core/or/or.h"
#include "trunnel/ed25519_cert.h" /* Trunnel interface. */
#include "lib/crypt_ops/crypto_ed25519.h"
#include "feature/hs/hs_descriptor.h"
#include "feature/dirparse/unparseable.h"
#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
(void)desc;
(void)type;
}
static int
mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
const size_t crosscert_len,
const crypto_pk_t *rsa_id_key,
const ed25519_public_key_t *master_key,
const time_t reject_if_expired_before)
{
(void) crosscert;
(void) crosscert_len;
(void) rsa_id_key;
(void) master_key;
(void) reject_if_expired_before;
return 0;
}
static size_t
mock_decrypt_desc_layer(const hs_descriptor_t *desc,
const uint8_t *descriptor_cookie,
bool is_superencrypted_layer,
char **decrypted_out)
{
(void)is_superencrypted_layer;
(void)desc;
(void)descriptor_cookie;
const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
const uint8_t *encrypted_blob = (is_superencrypted_layer)
? desc->plaintext_data.superencrypted_blob
: desc->superencrypted_data.encrypted_blob;
size_t encrypted_blob_size = (is_superencrypted_layer)
? desc->plaintext_data.superencrypted_blob_size
: desc->superencrypted_data.encrypted_blob_size;
if (encrypted_blob_size < overhead)
return 0;
*decrypted_out = tor_memdup_nulterm(
encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
encrypted_blob_size - overhead);
size_t result = strlen(*decrypted_out);
if (result) {
return result;
} else {
tor_free(*decrypted_out);
return 0;
}
}
static const uint8_t *decrypted_data = NULL;
static size_t decrypted_len = 0;
static size_t
mock_desc_decrypt_encrypted(const hs_descriptor_t *desc,
const curve25519_secret_key_t *client_auth_sk,
char **decrypted_out)
{
(void)desc;
(void)client_auth_sk;
*decrypted_out = (char*)tor_memdup_nulterm(decrypted_data, decrypted_len);
return decrypted_len;
}
int
fuzz_init(void)
{
disable_signature_checking();
MOCK(dump_desc, mock_dump_desc__nodump);
MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
MOCK(desc_decrypt_encrypted, mock_desc_decrypt_encrypted);
ed25519_init();
return 0;
}
int
fuzz_cleanup(void)
{
return 0;
}
int
fuzz_main(const uint8_t *data, size_t sz)
{
decrypted_data = data;
decrypted_len = sz;
hs_descriptor_t *desc = tor_malloc_zero(sizeof(hs_descriptor_t));
hs_desc_encrypted_data_t *output = tor_malloc_zero(sizeof(*output));
curve25519_secret_key_t *client_auth_sk = NULL;
hs_desc_decode_status_t status;
status = desc_decode_encrypted_v3(desc, client_auth_sk, output);
if (status == HS_DESC_DECODE_OK) {
log_debug(LD_GENERAL, "Decoding okay");
} else {
log_debug(LD_GENERAL, "Decoding failed");
}
hs_descriptor_free(desc);
hs_desc_encrypted_data_free(output);
return 0;
}

116
src/test/fuzz/fuzz_hsdescv3_middle.c Normal file
View File

@ -0,0 +1,116 @@
/* Copyright (c) 2017-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define HS_DESCRIPTOR_PRIVATE
#include "core/or/or.h"
#include "trunnel/ed25519_cert.h" /* Trunnel interface. */
#include "lib/crypt_ops/crypto_ed25519.h"
#include "feature/hs/hs_descriptor.h"
#include "feature/dirparse/unparseable.h"
#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
(void)desc;
(void)type;
}
static int
mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
const size_t crosscert_len,
const crypto_pk_t *rsa_id_key,
const ed25519_public_key_t *master_key,
const time_t reject_if_expired_before)
{
(void) crosscert;
(void) crosscert_len;
(void) rsa_id_key;
(void) master_key;
(void) reject_if_expired_before;
return 0;
}
static size_t
mock_decrypt_desc_layer(const hs_descriptor_t *desc,
const uint8_t *descriptor_cookie,
bool is_superencrypted_layer,
char **decrypted_out)
{
(void)is_superencrypted_layer;
(void)desc;
(void)descriptor_cookie;
const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
const uint8_t *encrypted_blob = (is_superencrypted_layer)
? desc->plaintext_data.superencrypted_blob
: desc->superencrypted_data.encrypted_blob;
size_t encrypted_blob_size = (is_superencrypted_layer)
? desc->plaintext_data.superencrypted_blob_size
: desc->superencrypted_data.encrypted_blob_size;
if (encrypted_blob_size < overhead)
return 0;
*decrypted_out = tor_memdup_nulterm(
encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
encrypted_blob_size - overhead);
size_t result = strlen(*decrypted_out);
if (result) {
return result;
} else {
tor_free(*decrypted_out);
return 0;
}
}
static const uint8_t *decrypted_data = NULL;
static size_t decrypted_len = 0;
static size_t
mock_desc_decrypt_superencrypted(const hs_descriptor_t *desc,
char **decrypted_out)
{
(void)desc;
*decrypted_out = (char*)tor_memdup_nulterm(decrypted_data, decrypted_len);
return decrypted_len;
}
int
fuzz_init(void)
{
disable_signature_checking();
MOCK(dump_desc, mock_dump_desc__nodump);
MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
MOCK(desc_decrypt_superencrypted, mock_desc_decrypt_superencrypted);
ed25519_init();
return 0;
}
int
fuzz_cleanup(void)
{
return 0;
}
int
fuzz_main(const uint8_t *data, size_t sz)
{
decrypted_data = data;
decrypted_len = sz;
hs_descriptor_t *desc = tor_malloc_zero(sizeof(hs_descriptor_t));
hs_desc_superencrypted_data_t *output = tor_malloc_zero(sizeof(*output));
hs_desc_decode_status_t status;
status = desc_decode_superencrypted_v3(desc, output);
if (status == HS_DESC_DECODE_OK) {
log_debug(LD_GENERAL, "Decoding okay");
} else {
log_debug(LD_GENERAL, "Decoding failed");
}
hs_descriptor_free(desc);
hs_desc_superencrypted_data_free(output);
return 0;
}

61
src/test/fuzz/include.am
View File

@ -111,6 +111,28 @@ src_test_fuzz_fuzz_hsdescv3_LDFLAGS = $(FUZZING_LDFLAG)
src_test_fuzz_fuzz_hsdescv3_LDADD = $(FUZZING_LIBS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_fuzz_hsdescv3_inner_SOURCES = \
src/test/fuzz/fuzzing_common.c \
src/test/fuzz/fuzz_hsdescv3_inner.c
src_test_fuzz_fuzz_hsdescv3_inner_CPPFLAGS = $(FUZZING_CPPFLAGS)
src_test_fuzz_fuzz_hsdescv3_inner_CFLAGS = $(FUZZING_CFLAGS)
src_test_fuzz_fuzz_hsdescv3_inner_LDFLAGS = $(FUZZING_LDFLAG)
src_test_fuzz_fuzz_hsdescv3_inner_LDADD = $(FUZZING_LIBS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_fuzz_hsdescv3_middle_SOURCES = \
src/test/fuzz/fuzzing_common.c \
src/test/fuzz/fuzz_hsdescv3_middle.c
src_test_fuzz_fuzz_hsdescv3_middle_CPPFLAGS = $(FUZZING_CPPFLAGS)
src_test_fuzz_fuzz_hsdescv3_middle_CFLAGS = $(FUZZING_CFLAGS)
src_test_fuzz_fuzz_hsdescv3_middle_LDFLAGS = $(FUZZING_LDFLAG)
src_test_fuzz_fuzz_hsdescv3_middle_LDADD = $(FUZZING_LIBS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_fuzz_http_SOURCES = \
src/test/fuzz/fuzzing_common.c \
@ -181,6 +203,8 @@ FUZZERS = \
src/test/fuzz/fuzz-diff-apply \
src/test/fuzz/fuzz-extrainfo \
src/test/fuzz/fuzz-hsdescv3 \
src/test/fuzz/fuzz-hsdescv3-inner \
src/test/fuzz/fuzz-hsdescv3-middle \
src/test/fuzz/fuzz-http \
src/test/fuzz/fuzz-http-connect \
src/test/fuzz/fuzz-microdesc \
@ -264,6 +288,25 @@ src_test_fuzz_lf_fuzz_hsdescv3_LDFLAGS = $(LIBFUZZER_LDFLAG)
src_test_fuzz_lf_fuzz_hsdescv3_LDADD = $(LIBFUZZER_LIBS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_lf_fuzz_hsdescv3_inner_SOURCES = \
$(src_test_fuzz_fuzz_hsdescv3_inner_SOURCES)
src_test_fuzz_lf_fuzz_hsdescv3_inner_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
src_test_fuzz_lf_fuzz_hsdescv3_inner_CFLAGS = $(LIBFUZZER_CFLAGS)
src_test_fuzz_lf_fuzz_hsdescv3_inner_LDFLAGS = $(LIBFUZZER_LDFLAG)
src_test_fuzz_lf_fuzz_hsdescv3_inner_LDADD = $(LIBFUZZER_LIBS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_lf_fuzz_hsdescv3_middle_SOURCES = \
$(src_test_fuzz_fuzz_hsdescv3_middle_SOURCES)
src_test_fuzz_lf_fuzz_hsdescv3_middle_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
src_test_fuzz_lf_fuzz_hsdescv3_middle_CFLAGS = $(LIBFUZZER_CFLAGS)
src_test_fuzz_lf_fuzz_hsdescv3_middle_LDFLAGS = $(LIBFUZZER_LDFLAG)
src_test_fuzz_lf_fuzz_hsdescv3_middle_LDADD = $(LIBFUZZER_LIBS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_lf_fuzz_http_SOURCES = \
$(src_test_fuzz_fuzz_http_SOURCES)
@ -327,6 +370,8 @@ LIBFUZZER_FUZZERS = \
src/test/fuzz/lf-fuzz-diff-apply \
src/test/fuzz/lf-fuzz-extrainfo \
src/test/fuzz/lf-fuzz-hsdescv3 \
src/test/fuzz/lf-fuzz-hsdescv3-inner \
src/test/fuzz/lf-fuzz-hsdescv3-middle \
src/test/fuzz/lf-fuzz-http \
src/test/fuzz/lf-fuzz-http-connect \
src/test/fuzz/lf-fuzz-microdesc \
@ -397,6 +442,20 @@ src_test_fuzz_liboss_fuzz_hsdescv3_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
src_test_fuzz_liboss_fuzz_hsdescv3_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_liboss_fuzz_hsdescv3_inner_a_SOURCES = \
$(src_test_fuzz_fuzz_hsdescv3_inner_SOURCES)
src_test_fuzz_liboss_fuzz_hsdescv3_inner_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
src_test_fuzz_liboss_fuzz_hsdescv3_inner_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_liboss_fuzz_hsdescv3_middle_a_SOURCES = \
$(src_test_fuzz_fuzz_hsdescv3_middle_SOURCES)
src_test_fuzz_liboss_fuzz_hsdescv3_middle_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
src_test_fuzz_liboss_fuzz_hsdescv3_middle_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
endif
if UNITTESTS_ENABLED
src_test_fuzz_liboss_fuzz_http_a_SOURCES = \
$(src_test_fuzz_fuzz_http_SOURCES)
@ -448,6 +507,8 @@ OSS_FUZZ_FUZZERS = \
src/test/fuzz/liboss-fuzz-diff-apply.a \
src/test/fuzz/liboss-fuzz-extrainfo.a \
src/test/fuzz/liboss-fuzz-hsdescv3.a \
src/test/fuzz/liboss-fuzz-hsdescv3-inner.a \
src/test/fuzz/liboss-fuzz-hsdescv3-middle.a \
src/test/fuzz/liboss-fuzz-http.a \
src/test/fuzz/liboss-fuzz-http-connect.a \
src/test/fuzz/liboss-fuzz-microdesc.a \