author | nicoo <nicoo@debian.org> | 2020-02-12 13:42:22 +0100 |
---|---|---|
committer | Nicolas Braud-Santoni <nicolas@braud-santoni.eu> | 2020-02-12 13:42:22 +0100 |
commit | c79050aa44b8836d836c5dd22a383a073c28b74b (patch) | |
tree | 7bcca9fabd7718bf87ca600a6594f57b76d8de7d /fuzz |
Import upstream release 1.3.0
Closes: #951184
Diffstat (limited to 'fuzz')
34 files changed, 6138 insertions, 0 deletions
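diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
new file mode 100644
index 0000000..ad30aa3
--- /dev/null
+++ b/fuzz/CMakeLists.txt
@@ -0,0 +1,44 @@
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+list(APPEND COMPAT_SOURCES
+../openbsd-compat/strlcpy.c
+../openbsd-compat/strlcat.c
+)
+
+list(APPEND COMMON_SOURCES
+mutator_aux.c
+uniform_random.c
+)
+
+
+# fuzz_cred
+add_executable(fuzz_cred fuzz_cred.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
+target_compile_options(fuzz_cred PRIVATE ${FUZZ_LDFLAGS})
+set_target_properties(fuzz_cred PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
+target_link_libraries(fuzz_cred fido2_shared)
+
+# fuzz_assert
+add_executable(fuzz_assert fuzz_assert.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
+target_compile_options(fuzz_assert PRIVATE ${FUZZ_LDFLAGS})
+set_target_properties(fuzz_assert PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
+target_link_libraries(fuzz_assert fido2_shared)
+
+# fuzz_mgmt
+add_executable(fuzz_mgmt fuzz_mgmt.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
+target_compile_options(fuzz_mgmt PRIVATE ${FUZZ_LDFLAGS})
+set_target_properties(fuzz_mgmt PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
+target_link_libraries(fuzz_mgmt fido2_shared)
+
+# fuzz_credman
+add_executable(fuzz_credman fuzz_credman.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
+target_compile_options(fuzz_credman PRIVATE ${FUZZ_LDFLAGS})
+set_target_properties(fuzz_credman PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
+target_link_libraries(fuzz_credman fido2_shared)
+
+# fuzz_bio
+add_executable(fuzz_bio fuzz_bio.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
+target_compile_options(fuzz_bio PRIVATE ${FUZZ_LDFLAGS})
+set_target_properties(fuzz_bio PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
+target_link_libraries(fuzz_bio fido2_shared)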
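Review bot: `${FUZZ_LDFLAGS}` is expanded unquoted in `set_target_properties(<target> PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})` for all five harnesses, so an empty value leaves the property without a value argument and a multi-element list is split into extra property/value arguments. The variable is set outside this file, so whether either case can occur is not visible here; quoting makes the call robust regardless: `set_target_properties(fuzz_cred PROPERTIES LINK_FLAGS "${FUZZ_LDFLAGS}")`. Because the harnesses are only meaningful when built with the fuzzer and sanitiser instrumentation, a guard at the top such as `if(NOT FUZZ_LDFLAGS)` with `message(FATAL_ERROR "fuzz/ needs FUZZ_LDFLAGS")` would turn a misconfigured build into a clear configure-time error. Separately, `target_link_libraries(fuzz_cred fido2_shared)` uses the keyword-less signature; `PRIVATE` is the explicit form.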
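diff --git a/fuzz/README b/fuzz/README
new file mode 100644
index 0000000..ecb02bb
--- /dev/null
+++ b/fuzz/README
@@ -0,0 +1,157 @@
+libfido2 can be fuzzed using AFL or libFuzzer, with or without
+ASAN/MSAN/UBSAN.
+
+AFL is more convenient when fuzzing the path from the authenticator to
+libfido2 in an existing application. To do so, use preload-snoop.c with a real
+authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1
+-DAFL=1, and use preload-fuzz.c to read device data from stdin. Examples of
+this approach can be found in the harnesses under fuzz/harnesses/ that fuzz
+the standalone examples and tools bundled with libfido2.
+
+libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
+fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses,
+use -DFUZZ=1 -DLIBFUZZER=1.
+
+To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
+libcbor and OpenSSL built with the respective sanitiser. In order to keep
+memory utilisation at a manageable level, you can either enforce limits at
+the OS level (e.g. cgroups on Linux) or, alternatively, patch libcbor with
+the diff at the bottom of this file.
+
+1. Using ASAN + UBSAN
+
+- Make sure you have libcbor built with -fsanitize=address;
+- Make sure you have OpenSSL built with -fsanitize=address;
+- Rebuild libfido2 with -DASAN=1 -DUBSAN=1.
+
+1.1 Decide where your workspace will live
+
+$ export FAKEROOT=/home/pedro/fakeroot
+$ mkdir -p ${FAKEROOT}/src
+
+1.2 Building libcbor with ASAN
+
+$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
+$ cd ${FAKEROOT}/src/libcbor
+
+Assuming libfido2 is under ${FAKEROOT}/src/libfido2:
+
+$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
+$ mkdir build
+$ cd build
+$ cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
+-DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
+-DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
+-DCMAKE_INSTALL_LIBDIR=lib ..
+$ make
+$ make install
+
+1.3 Building OpenSSL with ASAN
+
+$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
+$ cd ${FAKEROOT}/src/openssl
+$ ./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
+--openssldir=${FAKEROOT}/openssl
+$ make clean
+$ make
+$ make install_sw
+
+1.4 Building libfido2 with libFuzzer and ASAN + UBSAN
+
+$ cd ${FAKEROOT}/src/libfido2
+$ mkdir build
+$ cd build
+$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
+-DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
+-DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
+-DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
+-DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
+-DCMAKE_BUILD_TYPE=Debug ..
+$ make
+
+2. Using MSAN + UBSAN
+
+- Make sure you have libcbor built with -fsanitize=memory;
+- Make sure you have OpenSSL built with -fsanitize=memory;
+- Rebuild libfido2 with -DMSAN=1 -DUBSAN=1.
+
+2.1 Decide where your workspace will live
+
+$ export FAKEROOT=/home/pedro/fakeroot
+$ mkdir -p ${FAKEROOT}/src
+
+2.2 Building libcbor with MSAN
+
+$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
+$ cd ${FAKEROOT}/src/libcbor
+
+Assuming libfido2 is under ${FAKEROOT}/src/libfido2:
+
+$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
+$ mkdir build
+$ cd build
+$ cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
+-DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
+-DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
+-DCMAKE_INSTALL_LIBDIR=lib ..
+$ make
+$ make install
+
+2.2 Building OpenSSL with MSAN
+
+$ mkdir -p ${FAKEROOT}/src
+$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
+$ cd ${FAKEROOT}/src/openssl
+$ ./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
+--openssldir=${FAKEROOT}/openssl
+$ make clean
+$ make
+$ make install_sw
+
+2.3 Building libfido2 with libFuzzer and MSAN + UBSAN
+
+$ cd ${FAKEROOT}/src/libfido2
+$ mkdir build
+$ cd build
+$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
+-DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
+-DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
+-DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
+-DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
+-DCMAKE_BUILD_TYPE=Debug ..
+$ make
+
+3. Running the libFuzzer harnesses
+
+When running under ASAN, you may want to set ASAN_OPTIONS to
+'allocator_may_return_null=1:detect_stack_use_after_return=1'.
+
+The recommended way to run the harnesses is:
+
+$ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \
+-print_pcs=1 -print_funcs=30 -timeout=10 -max_len=17408 CORPUS_DIR
+
+You may want to use -jobs or -workers depending on the number of logical
+cores available for fuzzing.
+
+4. Auxiliary scripts
+
+A set of harnesses and auxiliary scripts can be found under harnesses/. To
+compile coverage reports, adjust the harnesses to your setup and run 'report'.
+
+diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
+index aa049a2..e294b38 100644
+--- src/cbor/internal/memory_utils.c
++++ src/cbor/internal/memory_utils.c
+@@ -28,7 +28,10 @@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
+
+void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
+if (_cbor_safe_to_multiply(item_size, item_count)) {
+- return _CBOR_MALLOC(item_size * item_count);
++ if (item_count > 1000) {
++ return NULL;
++ } else
++ return _CBOR_MALLOC(item_size * item_count);
+} else {
+return NULL;
+}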
diff --git a/fuzz/corpus.tgz b/fuzz/corpus.tgz new file mode 100644 index 0000000..9da3099 --- /dev/null +++ b/fuzz/corpus.tgz | |||
Binary files differ | |||
diff --git a/fuzz/functions.txt b/fuzz/functions.txt new file mode 100644 index 0000000..cd652f2 --- /dev/null +++ b/fuzz/functions.txt | |||
@@ -0,0 +1,564 @@ | |||
1 | File '/home/pedro/projects/libfido2/src/aes256.c': | ||
2 | Name Regions Miss Cover Lines Miss Cover | ||
3 | ----------------------------------------------------------------------------- | ||
4 | aes256_cbc_enc 28 0 100.00% 41 0 100.00% | ||
5 | aes256_cbc_dec 28 0 100.00% 41 0 100.00% | ||
6 | ----------------------------------------------------------------------------- | ||
7 | TOTAL 56 0 100.00% 82 0 100.00% | ||
8 | |||
9 | File '/home/pedro/projects/libfido2/src/assert.c': | ||
10 | Name Regions Miss Cover Lines Miss Cover | ||
11 | --------------------------------------------------------------------------------------- | ||
12 | fido_dev_get_assert 35 3 91.43% 38 4 89.47% | ||
13 | fido_check_flags 13 0 100.00% 18 0 100.00% | ||
14 | fido_verify_sig_es256 17 2 88.24% 31 7 77.42% | ||
15 | fido_verify_sig_rs256 17 2 88.24% 31 7 77.42% | ||
16 | fido_verify_sig_eddsa 23 2 91.30% 43 7 83.72% | ||
17 | fido_assert_verify 48 4 91.67% 79 4 94.94% | ||
18 | fido_assert_set_clientdata_hash 6 0 100.00% 6 0 100.00% | ||
19 | fido_assert_set_hmac_salt 10 0 100.00% 7 0 100.00% | ||
20 | fido_assert_set_rp 12 1 91.67% 14 3 78.57% | ||
21 | fido_assert_allow_cred 13 2 84.62% 29 3 89.66% | ||
22 | fido_assert_set_extensions 9 0 100.00% 8 0 100.00% | ||
23 | fido_assert_set_options 6 6 0.00% 6 6 0.00% | ||
24 | fido_assert_set_up 2 0 100.00% 5 0 100.00% | ||
25 | fido_assert_set_uv 2 0 100.00% 5 0 100.00% | ||
26 | fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% | ||
27 | fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00% | ||
28 | fido_assert_new 1 0 100.00% 3 0 100.00% | ||
29 | fido_assert_reset_tx 1 0 100.00% 15 0 100.00% | ||
30 | fido_assert_reset_rx 6 0 100.00% 24 0 100.00% | ||
31 | fido_assert_free 6 0 100.00% 13 0 100.00% | ||
32 | fido_assert_count 1 0 100.00% 3 0 100.00% | ||
33 | fido_assert_rp_id 1 0 100.00% 3 0 100.00% | ||
34 | fido_assert_flags 4 0 100.00% 6 0 100.00% | ||
35 | fido_assert_sigcount 4 0 100.00% 6 0 100.00% | ||
36 | fido_assert_authdata_ptr 4 0 100.00% 6 0 100.00% | ||
37 | fido_assert_authdata_len 4 0 100.00% 6 0 100.00% | ||
38 | fido_assert_sig_ptr 4 0 100.00% 6 0 100.00% | ||
39 | fido_assert_sig_len 4 0 100.00% 6 0 100.00% | ||
40 | fido_assert_id_ptr 4 0 100.00% 6 0 100.00% | ||
41 | fido_assert_id_len 4 0 100.00% 6 0 100.00% | ||
42 | fido_assert_user_id_ptr 4 0 100.00% 6 0 100.00% | ||
43 | fido_assert_user_id_len 4 0 100.00% 6 0 100.00% | ||
44 | fido_assert_user_icon 4 0 100.00% 6 0 100.00% | ||
45 | fido_assert_user_name 4 0 100.00% 6 0 100.00% | ||
46 | fido_assert_user_display_name 4 0 100.00% 6 0 100.00% | ||
47 | fido_assert_hmac_secret_ptr 4 0 100.00% 6 0 100.00% | ||
48 | fido_assert_hmac_secret_len 4 0 100.00% 6 0 100.00% | ||
49 | fido_assert_set_authdata 24 0 100.00% 35 0 100.00% | ||
50 | fido_assert_set_authdata_raw 24 0 100.00% 34 0 100.00% | ||
51 | fido_assert_set_sig 14 0 100.00% 17 0 100.00% | ||
52 | fido_assert_set_count 10 0 100.00% 21 0 100.00% | ||
53 | assert.c:fido_dev_get_assert_wait 21 0 100.00% 16 0 100.00% | ||
54 | assert.c:fido_dev_get_assert_tx 58 4 93.10% 84 11 86.90% | ||
55 | assert.c:fido_dev_get_assert_rx 20 0 100.00% 38 0 100.00% | ||
56 | assert.c:adjust_assert_count 24 0 100.00% 33 0 100.00% | ||
57 | assert.c:parse_assert_reply 11 0 100.00% 25 0 100.00% | ||
58 | assert.c:fido_get_next_assert_tx 9 0 100.00% 11 0 100.00% | ||
59 | assert.c:fido_get_next_assert_rx 16 2 87.50% 26 4 84.62% | ||
60 | assert.c:decrypt_hmac_secrets 9 1 88.89% 15 4 73.33% | ||
61 | assert.c:check_extensions 4 0 100.00% 9 0 100.00% | ||
62 | assert.c:get_signed_hash 32 0 100.00% 46 0 100.00% | ||
63 | assert.c:fido_assert_clean_authdata 1 0 100.00% 9 0 100.00% | ||
64 | assert.c:fido_assert_clean_sig 1 0 100.00% 5 0 100.00% | ||
65 | --------------------------------------------------------------------------------------- | ||
66 | TOTAL 569 29 94.90% 901 60 93.34% | ||
67 | |||
68 | File '/home/pedro/projects/libfido2/src/authkey.c': | ||
69 | Name Regions Miss Cover Lines Miss Cover | ||
70 | --------------------------------------------------------------------------------------- | ||
71 | fido_dev_authkey 1 0 100.00% 3 0 100.00% | ||
72 | authkey.c:fido_dev_authkey_wait 10 0 100.00% 9 0 100.00% | ||
73 | authkey.c:fido_dev_authkey_tx 19 0 100.00% 33 0 100.00% | ||
74 | authkey.c:fido_dev_authkey_rx 7 0 100.00% 18 0 100.00% | ||
75 | authkey.c:parse_authkey 8 0 100.00% 12 0 100.00% | ||
76 | --------------------------------------------------------------------------------------- | ||
77 | TOTAL 45 0 100.00% 75 0 100.00% | ||
78 | |||
79 | File '/home/pedro/projects/libfido2/src/bio.c': | ||
80 | Name Regions Miss Cover Lines Miss Cover | ||
81 | --------------------------------------------------------------------------------------- | ||
82 | fido_bio_dev_get_template_array 5 2 60.00% 6 0 100.00% | ||
83 | fido_bio_dev_set_template_name 7 0 100.00% 6 0 100.00% | ||
84 | fido_bio_dev_enroll_begin 24 2 91.67% 36 0 100.00% | ||
85 | fido_bio_dev_enroll_continue 5 2 60.00% 6 0 100.00% | ||
86 | fido_bio_dev_enroll_cancel 1 1 0.00% 3 3 0.00% | ||
87 | fido_bio_dev_enroll_remove 1 0 100.00% 3 0 100.00% | ||
88 | fido_bio_dev_get_info 1 0 100.00% 3 0 100.00% | ||
89 | fido_bio_template_name 1 0 100.00% 3 0 100.00% | ||
90 | fido_bio_template_id_ptr 1 0 100.00% 3 0 100.00% | ||
91 | fido_bio_template_id_len 1 0 100.00% 3 0 100.00% | ||
92 | fido_bio_template_array_count 1 0 100.00% 3 0 100.00% | ||
93 | fido_bio_template_array_new 1 0 100.00% 3 0 100.00% | ||
94 | fido_bio_template_new 1 0 100.00% 3 0 100.00% | ||
95 | fido_bio_template_array_free 6 0 100.00% 10 0 100.00% | ||
96 | fido_bio_template_free 6 0 100.00% 10 0 100.00% | ||
97 | fido_bio_template_set_name 8 0 100.00% 9 0 100.00% | ||
98 | fido_bio_template_set_id 8 0 100.00% 10 0 100.00% | ||
99 | fido_bio_template 4 0 100.00% 6 0 100.00% | ||
100 | fido_bio_enroll_new 1 0 100.00% 3 0 100.00% | ||
101 | fido_bio_info_new 1 0 100.00% 3 0 100.00% | ||
102 | fido_bio_info_type 1 0 100.00% 3 0 100.00% | ||
103 | fido_bio_info_max_samples 1 0 100.00% 3 0 100.00% | ||
104 | fido_bio_enroll_free 6 0 100.00% 11 0 100.00% | ||
105 | fido_bio_info_free 6 0 100.00% 9 0 100.00% | ||
106 | fido_bio_enroll_remaining_samples 1 0 100.00% 3 0 100.00% | ||
107 | fido_bio_enroll_last_status 1 0 100.00% 3 0 100.00% | ||
108 | bio.c:bio_get_template_array_wait 11 0 100.00% 9 0 100.00% | ||
109 | bio.c:bio_tx 43 0 100.00% 65 0 100.00% | ||
110 | bio.c:bio_prepare_hmac 18 0 100.00% 36 0 100.00% | ||
111 | bio.c:bio_rx_template_array 12 0 100.00% 21 0 100.00% | ||
112 | bio.c:bio_parse_template_array 26 1 96.15% 34 4 88.24% | ||
113 | bio.c:decode_template_array 12 1 91.67% 23 3 86.96% | ||
114 | bio.c:decode_template 9 0 100.00% 18 0 100.00% | ||
115 | bio.c:bio_set_template_name_wait 19 0 100.00% 24 0 100.00% | ||
116 | bio.c:bio_enroll_begin_wait 17 1 94.12% 24 3 87.50% | ||
117 | bio.c:bio_rx_enroll_begin 16 0 100.00% 29 0 100.00% | ||
118 | bio.c:bio_parse_enroll_status 20 0 100.00% 31 0 100.00% | ||
119 | bio.c:bio_parse_template_id 8 0 100.00% 12 0 100.00% | ||
120 | bio.c:bio_enroll_continue_wait 19 0 100.00% 25 0 100.00% | ||
121 | bio.c:bio_rx_enroll_continue 12 0 100.00% 22 0 100.00% | ||
122 | bio.c:bio_enroll_cancel_wait 11 11 0.00% 12 12 0.00% | ||
123 | bio.c:bio_enroll_remove_wait 17 0 100.00% 24 0 100.00% | ||
124 | bio.c:bio_get_info_wait 11 0 100.00% 11 0 100.00% | ||
125 | bio.c:bio_rx_info 12 0 100.00% 21 0 100.00% | ||
126 | bio.c:bio_reset_info 1 0 100.00% 4 0 100.00% | ||
127 | bio.c:bio_parse_info 20 0 100.00% 31 0 100.00% | ||
128 | bio.c:bio_reset_template_array 4 0 100.00% 8 0 100.00% | ||
129 | bio.c:bio_reset_template 1 0 100.00% 6 0 100.00% | ||
130 | bio.c:bio_reset_enroll 3 0 100.00% 7 0 100.00% | ||
131 | --------------------------------------------------------------------------------------- | ||
132 | TOTAL 422 21 95.02% 661 25 96.22% | ||
133 | |||
134 | File '/home/pedro/projects/libfido2/src/blob.c': | ||
135 | Name Regions Miss Cover Lines Miss Cover | ||
136 | --------------------------------------------------------------------------------------- | ||
137 | fido_blob_new 1 0 100.00% 3 0 100.00% | ||
138 | fido_blob_set 11 1 90.91% 25 4 84.00% | ||
139 | fido_blob_free 8 0 100.00% 16 0 100.00% | ||
140 | fido_free_blob_array 9 0 100.00% 17 0 100.00% | ||
141 | fido_blob_encode 6 0 100.00% 6 0 100.00% | ||
142 | fido_blob_decode 1 0 100.00% 3 0 100.00% | ||
143 | fido_blob_is_empty 3 0 100.00% 3 0 100.00% | ||
144 | --------------------------------------------------------------------------------------- | ||
145 | TOTAL 39 1 97.44% 73 4 94.52% | ||
146 | |||
147 | File '/home/pedro/projects/libfido2/src/buf.c': | ||
148 | Name Regions Miss Cover Lines Miss Cover | ||
149 | --------------------------------------------------------------------------------------- | ||
150 | fido_buf_read 4 0 100.00% 10 0 100.00% | ||
151 | fido_buf_write 4 1 75.00% 10 1 90.00% | ||
152 | --------------------------------------------------------------------------------------- | ||
153 | TOTAL 8 1 87.50% 20 1 95.00% | ||
154 | |||
155 | File '/home/pedro/projects/libfido2/src/cbor.c': | ||
156 | Name Regions Miss Cover Lines Miss Cover | ||
157 | --------------------------------------------------------------------------------------- | ||
158 | cbor_map_iter 20 1 95.00% 30 4 86.67% | ||
159 | cbor_array_iter 12 0 100.00% 20 0 100.00% | ||
160 | cbor_parse_reply 27 0 100.00% 43 0 100.00% | ||
161 | cbor_vector_free 6 0 100.00% 5 0 100.00% | ||
162 | cbor_bytestring_copy 14 0 100.00% 22 0 100.00% | ||
163 | cbor_string_copy 14 0 100.00% 23 0 100.00% | ||
164 | cbor_add_bytestring 14 0 100.00% 26 0 100.00% | ||
165 | cbor_add_string 14 0 100.00% 26 0 100.00% | ||
166 | cbor_add_bool 14 0 100.00% 26 0 100.00% | ||
167 | cbor_flatten_vector 14 1 92.86% 21 1 95.24% | ||
168 | cbor_build_frame 15 0 100.00% 32 0 100.00% | ||
169 | cbor_encode_rp_entity 13 0 100.00% 14 0 100.00% | ||
170 | cbor_encode_user_entity 21 0 100.00% 18 0 100.00% | ||
171 | cbor_encode_pubkey_param 36 0 100.00% 48 0 100.00% | ||
172 | cbor_encode_pubkey 10 0 100.00% 13 0 100.00% | ||
173 | cbor_encode_pubkey_list 18 2 88.89% 23 0 100.00% | ||
174 | cbor_encode_extensions 13 1 92.31% 16 0 100.00% | ||
175 | cbor_encode_options 13 0 100.00% 14 0 100.00% | ||
176 | cbor_encode_assert_options 13 0 100.00% 14 0 100.00% | ||
177 | cbor_encode_pin_auth 8 0 100.00% 12 0 100.00% | ||
178 | cbor_encode_pin_opt 1 0 100.00% 3 0 100.00% | ||
179 | cbor_encode_pin_enc 4 0 100.00% 12 0 100.00% | ||
180 | cbor_encode_change_pin_auth 44 1 97.73% 69 3 95.65% | ||
181 | cbor_encode_set_pin_auth 17 0 100.00% 28 0 100.00% | ||
182 | cbor_encode_pin_hash_enc 15 0 100.00% 27 0 100.00% | ||
183 | cbor_encode_hmac_secret_param 41 1 97.56% 66 4 93.94% | ||
184 | cbor_decode_fmt 9 0 100.00% 18 0 100.00% | ||
185 | cbor_decode_pubkey 21 1 95.24% 32 2 93.75% | ||
186 | cbor_decode_cred_authdata 31 0 100.00% 46 0 100.00% | ||
187 | cbor_decode_assert_authdata 23 0 100.00% 44 0 100.00% | ||
188 | cbor_decode_attstmt 8 0 100.00% 10 0 100.00% | ||
189 | cbor_decode_uint64 4 0 100.00% 10 0 100.00% | ||
190 | cbor_decode_cred_id 8 0 100.00% 10 0 100.00% | ||
191 | cbor_decode_user 8 0 100.00% 10 0 100.00% | ||
192 | cbor_decode_rp_entity 8 0 100.00% 10 0 100.00% | ||
193 | cbor.c:ctap_check_cbor 28 0 100.00% 32 0 100.00% | ||
194 | cbor.c:check_key_type 8 0 100.00% 9 0 100.00% | ||
195 | cbor.c:cbor_add_arg 13 0 100.00% 28 0 100.00% | ||
196 | cbor.c:sha256 7 0 100.00% 15 0 100.00% | ||
197 | cbor.c:get_cose_alg 36 0 100.00% 48 0 100.00% | ||
198 | cbor.c:find_cose_alg 35 0 100.00% 40 0 100.00% | ||
199 | cbor.c:decode_attcred 25 0 100.00% 58 0 100.00% | ||
200 | cbor.c:decode_extensions 16 4 75.00% 34 6 82.35% | ||
201 | cbor.c:decode_extension 19 19 0.00% 27 27 0.00% | ||
202 | cbor.c:decode_hmac_secret 16 0 100.00% 32 0 100.00% | ||
203 | cbor.c:decode_hmac_secret_aux 7 0 100.00% 17 0 100.00% | ||
204 | cbor.c:decode_attstmt_entry 29 0 100.00% 39 0 100.00% | ||
205 | cbor.c:decode_x5c 4 0 100.00% 8 0 100.00% | ||
206 | cbor.c:decode_cred_id_entry 10 0 100.00% 23 0 100.00% | ||
207 | cbor.c:decode_user_entry 25 0 100.00% 39 0 100.00% | ||
208 | cbor.c:decode_rp_entity_entry 15 0 100.00% 29 0 100.00% | ||
209 | --------------------------------------------------------------------------------------- | ||
210 | TOTAL 844 31 96.33% 1319 47 96.44% | ||
211 | |||
212 | File '/home/pedro/projects/libfido2/src/cred.c': | ||
213 | Name Regions Miss Cover Lines Miss Cover | ||
214 | --------------------------------------------------------------------------------------- | ||
215 | fido_dev_make_cred 12 0 100.00% 9 0 100.00% | ||
216 | fido_check_rp_id 4 0 100.00% 14 0 100.00% | ||
217 | fido_cred_verify 45 0 100.00% 71 0 100.00% | ||
218 | fido_cred_verify_self 54 10 81.48% 90 14 84.44% | ||
219 | fido_cred_new 1 0 100.00% 3 0 100.00% | ||
220 | fido_cred_reset_tx 1 0 100.00% 20 0 100.00% | ||
221 | fido_cred_reset_rx 1 0 100.00% 8 0 100.00% | ||
222 | fido_cred_free 6 1 83.33% 13 0 100.00% | ||
223 | fido_cred_set_authdata 22 0 100.00% 36 0 100.00% | ||
224 | fido_cred_set_authdata_raw 22 2 90.91% 35 4 88.57% | ||
225 | fido_cred_set_x509 12 0 100.00% 16 0 100.00% | ||
226 | fido_cred_set_sig 12 0 100.00% 16 0 100.00% | ||
227 | fido_cred_exclude 14 2 85.71% 25 3 88.00% | ||
228 | fido_cred_set_clientdata_hash 6 0 100.00% 6 0 100.00% | ||
229 | fido_cred_set_rp 18 2 88.89% 26 6 76.92% | ||
230 | fido_cred_set_user 33 4 87.88% 50 13 74.00% | ||
231 | fido_cred_set_extensions 9 0 100.00% 8 0 100.00% | ||
232 | fido_cred_set_options 6 6 0.00% 6 6 0.00% | ||
233 | fido_cred_set_rk 2 0 100.00% 5 0 100.00% | ||
234 | fido_cred_set_uv 2 0 100.00% 5 0 100.00% | ||
235 | fido_cred_set_fmt 16 4 75.00% 15 1 93.33% | ||
236 | fido_cred_set_type 17 2 88.24% 9 1 88.89% | ||
237 | fido_cred_type 1 0 100.00% 3 0 100.00% | ||
238 | fido_cred_flags 1 0 100.00% 3 0 100.00% | ||
239 | fido_cred_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% | ||
240 | fido_cred_clientdata_hash_len 1 0 100.00% 3 0 100.00% | ||
241 | fido_cred_x5c_ptr 1 0 100.00% 3 0 100.00% | ||
242 | fido_cred_x5c_len 1 0 100.00% 3 0 100.00% | ||
243 | fido_cred_sig_ptr 1 0 100.00% 3 0 100.00% | ||
244 | fido_cred_sig_len 1 0 100.00% 3 0 100.00% | ||
245 | fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00% | ||
246 | fido_cred_authdata_len 1 0 100.00% 3 0 100.00% | ||
247 | fido_cred_pubkey_ptr 9 0 100.00% 20 0 100.00% | ||
248 | fido_cred_pubkey_len 9 0 100.00% 20 0 100.00% | ||
249 | fido_cred_id_ptr 1 0 100.00% 3 0 100.00% | ||
250 | fido_cred_id_len 1 0 100.00% 3 0 100.00% | ||
251 | fido_cred_fmt 1 0 100.00% 3 0 100.00% | ||
252 | fido_cred_rp_id 1 0 100.00% 3 0 100.00% | ||
253 | fido_cred_rp_name 1 0 100.00% 3 0 100.00% | ||
254 | fido_cred_user_name 1 0 100.00% 3 0 100.00% | ||
255 | fido_cred_display_name 1 0 100.00% 3 0 100.00% | ||
256 | fido_cred_user_id_ptr 1 0 100.00% 3 0 100.00% | ||
257 | fido_cred_user_id_len 1 0 100.00% 3 0 100.00% | ||
258 | cred.c:fido_dev_make_cred_wait 10 0 100.00% 9 0 100.00% | ||
259 | cred.c:fido_dev_make_cred_tx 59 0 100.00% 81 0 100.00% | ||
260 | cred.c:fido_dev_make_cred_rx 22 0 100.00% 28 0 100.00% | ||
261 | cred.c:parse_makecred_reply 10 0 100.00% 23 0 100.00% | ||
262 | cred.c:check_extensions 4 0 100.00% 9 0 100.00% | ||
263 | cred.c:get_signed_hash_packed 23 1 95.65% 38 3 92.11% | ||
264 | cred.c:get_signed_hash_u2f 22 0 100.00% 20 0 100.00% | ||
265 | cred.c:verify_sig 27 1 96.30% 40 4 90.00% | ||
266 | cred.c:fido_cred_clean_authdata 1 0 100.00% 9 0 100.00% | ||
267 | cred.c:fido_cred_clean_x509 1 0 100.00% 5 0 100.00% | ||
268 | cred.c:fido_cred_clean_sig 1 0 100.00% 5 0 100.00% | ||
269 | --------------------------------------------------------------------------------------- | ||
270 | TOTAL 532 35 93.42% 850 55 93.53% | ||
271 | |||
272 | File '/home/pedro/projects/libfido2/src/credman.c': | ||
273 | Name Regions Miss Cover Lines Miss Cover | ||
274 | --------------------------------------------------------------------------------------- | ||
275 | fido_credman_get_dev_metadata 9 2 77.78% 8 0 100.00% | ||
276 | fido_credman_get_dev_rk 9 2 77.78% 8 0 100.00% | ||
277 | fido_credman_del_dev_rk 9 2 77.78% 8 0 100.00% | ||
278 | fido_credman_get_dev_rp 9 2 77.78% 8 0 100.00% | ||
279 | fido_credman_rk_new 1 0 100.00% 3 0 100.00% | ||
280 | fido_credman_rk_free 6 1 83.33% 10 0 100.00% | ||
281 | fido_credman_rk_count 1 0 100.00% 3 0 100.00% | ||
282 | fido_credman_rk 4 0 100.00% 6 0 100.00% | ||
283 | fido_credman_metadata_new 1 0 100.00% 3 0 100.00% | ||
284 | fido_credman_metadata_free 6 1 83.33% 9 0 100.00% | ||
285 | fido_credman_rk_existing 1 0 100.00% 3 0 100.00% | ||
286 | fido_credman_rk_remaining 1 0 100.00% 3 0 100.00% | ||
287 | fido_credman_rp_new 1 0 100.00% 3 0 100.00% | ||
288 | fido_credman_rp_free 6 1 83.33% 10 0 100.00% | ||
289 | fido_credman_rp_count 1 0 100.00% 3 0 100.00% | ||
290 | fido_credman_rp_id 4 0 100.00% 6 0 100.00% | ||
291 | fido_credman_rp_name 4 0 100.00% 6 0 100.00% | ||
292 | fido_credman_rp_id_hash_len 4 0 100.00% 6 0 100.00% | ||
293 | fido_credman_rp_id_hash_ptr 4 0 100.00% 6 0 100.00% | ||
294 | credman.c:credman_get_metadata_wait 11 0 100.00% 9 0 100.00% | ||
295 | credman.c:credman_tx 30 0 100.00% 53 0 100.00% | ||
296 | credman.c:credman_prepare_hmac 21 1 95.24% 43 2 95.35% | ||
297 | credman.c:credman_rx_metadata 12 0 100.00% 21 0 100.00% | ||
298 | credman.c:credman_parse_metadata 9 0 100.00% 19 0 100.00% | ||
299 | credman.c:credman_get_rk_wait 27 0 100.00% 26 0 100.00% | ||
300 | credman.c:credman_rx_rk 20 0 100.00% 36 0 100.00% | ||
301 | credman.c:credman_parse_rk_count 16 0 100.00% 25 0 100.00% | ||
302 | credman.c:credman_grow_array 17 2 88.24% 28 5 82.14% | ||
303 | credman.c:credman_parse_rk 13 0 100.00% 25 0 100.00% | ||
304 | credman.c:credman_rx_next_rk 16 2 87.50% 26 4 84.62% | ||
305 | credman.c:credman_del_rk_wait 16 0 100.00% 19 0 100.00% | ||
306 | credman.c:credman_get_rp_wait 23 0 100.00% 16 0 100.00% | ||
307 | credman.c:credman_rx_rp 20 0 100.00% 36 0 100.00% | ||
308 | credman.c:credman_parse_rp_count 16 0 100.00% 25 0 100.00% | ||
309 | credman.c:credman_parse_rp 9 0 100.00% 19 0 100.00% | ||
310 | credman.c:credman_rx_next_rp 16 2 87.50% 26 4 84.62% | ||
311 | credman.c:credman_reset_rk 4 0 100.00% 10 0 100.00% | ||
312 | credman.c:credman_reset_rp 4 0 100.00% 15 0 100.00% | ||
313 | --------------------------------------------------------------------------------------- | ||
314 | TOTAL 381 18 95.28% 589 15 97.45% | ||
315 | |||
316 | File '/home/pedro/projects/libfido2/src/dev.c': | ||
317 | Name Regions Miss Cover Lines Miss Cover | ||
318 | --------------------------------------------------------------------------------------- | ||
319 | fido_dev_open 1 0 100.00% 3 0 100.00% | ||
320 | fido_dev_close 8 2 75.00% 9 0 100.00% | ||
321 | fido_dev_cancel 8 2 75.00% 6 3 50.00% | ||
322 | fido_dev_set_io_functions 18 4 77.78% 19 6 68.42% | ||
323 | fido_init 7 1 85.71% 4 0 100.00% | ||
324 | fido_dev_new 9 1 88.89% 22 4 81.82% | ||
325 | fido_dev_free 6 0 100.00% 10 0 100.00% | ||
326 | fido_dev_protocol 1 0 100.00% 3 0 100.00% | ||
327 | fido_dev_major 1 0 100.00% 3 0 100.00% | ||
328 | fido_dev_minor 1 0 100.00% 3 0 100.00% | ||
329 | fido_dev_build 1 0 100.00% 3 0 100.00% | ||
330 | fido_dev_flags 1 0 100.00% 3 0 100.00% | ||
331 | fido_dev_is_fido2 2 0 100.00% 3 0 100.00% | ||
332 | fido_dev_force_u2f 2 0 100.00% 3 0 100.00% | ||
333 | fido_dev_force_fido2 2 2 0.00% 3 3 0.00% | ||
334 | dev.c:fido_dev_open_wait 10 0 100.00% 9 0 100.00% | ||
335 | dev.c:fido_dev_open_tx 26 8 69.23% 32 12 62.50% | ||
336 | dev.c:obtain_nonce 13 2 84.62% 18 2 88.89% | ||
337 | dev.c:fido_dev_open_rx 14 0 100.00% 27 0 100.00% | ||
338 | --------------------------------------------------------------------------------------- | ||
339 | TOTAL 131 22 83.21% 183 30 83.61% | ||
340 | |||
341 | File '/home/pedro/projects/libfido2/src/ecdh.c': | ||
342 | Name Regions Miss Cover Lines Miss Cover | ||
343 | --------------------------------------------------------------------------------------- | ||
344 | fido_do_ecdh 29 0 100.00% 44 0 100.00% | ||
345 | ecdh.c:do_ecdh 39 0 100.00% 60 0 100.00% | ||
346 | --------------------------------------------------------------------------------------- | ||
347 | TOTAL 68 0 100.00% 104 0 100.00% | ||
348 | |||
349 | File '/home/pedro/projects/libfido2/src/eddsa.c': | ||
350 | Name Regions Miss Cover Lines Miss Cover | ||
351 | --------------------------------------------------------------------------------------- | ||
352 | eddsa_pk_decode 8 0 100.00% 10 0 100.00% | ||
353 | eddsa_pk_new 1 0 100.00% 3 0 100.00% | ||
354 | eddsa_pk_free 6 0 100.00% 11 0 100.00% | ||
355 | eddsa_pk_from_ptr 6 0 100.00% 8 0 100.00% | ||
356 | eddsa_pk_to_EVP_PKEY 3 0 100.00% 9 0 100.00% | ||
357 | eddsa_pk_from_EVP_PKEY 14 4 71.43% 12 2 83.33% | ||
358 | eddsa.c:decode_pubkey_point 8 0 100.00% 14 0 100.00% | ||
359 | eddsa.c:decode_coord 8 0 100.00% 12 0 100.00% | ||
360 | --------------------------------------------------------------------------------------- | ||
361 | TOTAL 54 4 92.59% 79 2 97.47% | ||
362 | |||
363 | File '/home/pedro/projects/libfido2/src/err.c': | ||
364 | Name Regions Miss Cover Lines Miss Cover | ||
365 | --------------------------------------------------------------------------------------- | ||
366 | fido_strerr 108 108 0.00% 112 112 0.00% | ||
367 | --------------------------------------------------------------------------------------- | ||
368 | TOTAL 108 108 0.00% 112 112 0.00% | ||
369 | |||
370 | File '/home/pedro/projects/libfido2/src/es256.c': | ||
371 | Name Regions Miss Cover Lines Miss Cover | ||
372 | --------------------------------------------------------------------------------------- | ||
373 | es256_pk_decode 8 0 100.00% 10 0 100.00% | ||
374 | es256_pk_encode 56 0 100.00% 70 0 100.00% | ||
375 | es256_sk_new 1 0 100.00% 3 0 100.00% | ||
376 | es256_sk_free 6 0 100.00% 11 0 100.00% | ||
377 | es256_pk_new 1 0 100.00% 3 0 100.00% | ||
378 | es256_pk_free 6 0 100.00% 11 0 100.00% | ||
379 | es256_pk_from_ptr 6 0 100.00% 8 0 100.00% | ||
380 | es256_pk_set_x 1 0 100.00% 5 0 100.00% | ||
381 | es256_pk_set_y 1 0 100.00% 5 0 100.00% | ||
382 | es256_sk_create 39 2 94.87% 46 6 86.96% | ||
383 | es256_pk_to_EVP_PKEY 41 0 100.00% 58 0 100.00% | ||
384 | es256_pk_from_EC_KEY 38 2 94.74% 39 7 82.05% | ||
385 | es256_sk_to_EVP_PKEY 27 0 100.00% 41 0 100.00% | ||
386 | es256_derive_pk 25 0 100.00% 34 0 100.00% | ||
387 | es256.c:decode_pubkey_point 9 0 100.00% 16 0 100.00% | ||
388 | es256.c:decode_coord 8 0 100.00% 12 0 100.00% | ||
389 | --------------------------------------------------------------------------------------- | ||
390 | TOTAL 273 4 98.53% 372 13 96.51% | ||
391 | |||
392 | File '/home/pedro/projects/libfido2/src/extern.h': | ||
393 | Name Regions Miss Cover Lines Miss Cover | ||
394 | --------------------------------------------------------------------------------------- | ||
395 | |||
396 | File '/home/pedro/projects/libfido2/src/fido.h': | ||
397 | Name Regions Miss Cover Lines Miss Cover | ||
398 | --------------------------------------------------------------------------------------- | ||
399 | |||
400 | File '/home/pedro/projects/libfido2/src/hid.c': | ||
401 | Name Regions Miss Cover Lines Miss Cover | ||
402 | --------------------------------------------------------------------------------------- | ||
403 | fido_dev_info_new 1 1 0.00% 3 3 0.00% | ||
404 | fido_dev_info_free 9 9 0.00% 17 17 0.00% | ||
405 | fido_dev_info_ptr 1 1 0.00% 3 3 0.00% | ||
406 | fido_dev_info_path 1 1 0.00% 3 3 0.00% | ||
407 | fido_dev_info_vendor 1 1 0.00% 3 3 0.00% | ||
408 | fido_dev_info_product 1 1 0.00% 3 3 0.00% | ||
409 | fido_dev_info_manufacturer_string 1 1 0.00% 3 3 0.00% | ||
410 | fido_dev_info_product_string 1 1 0.00% 3 3 0.00% | ||
411 | --------------------------------------------------------------------------------------- | ||
412 | TOTAL 16 16 0.00% 38 38 0.00% | ||
413 | |||
414 | File '/home/pedro/projects/libfido2/src/hid_linux.c': | ||
415 | Name Regions Miss Cover Lines Miss Cover | ||
416 | --------------------------------------------------------------------------------------- | ||
417 | fido_dev_info_manifest 33 33 0.00% 40 40 0.00% | ||
418 | fido_hid_open 6 6 0.00% 11 11 0.00% | ||
419 | fido_hid_close 1 1 0.00% 6 6 0.00% | ||
420 | fido_hid_read 12 12 0.00% 16 16 0.00% | ||
421 | fido_hid_write 12 12 0.00% 16 16 0.00% | ||
422 | hid_linux.c:copy_info 35 35 0.00% 56 56 0.00% | ||
423 | hid_linux.c:is_fido 6 6 0.00% 14 14 0.00% | ||
424 | hid_linux.c:get_report_descriptor 17 17 0.00% 31 31 0.00% | ||
425 | hid_linux.c:get_usage_info 16 16 0.00% 33 33 0.00% | ||
426 | hid_linux.c:get_key_len 6 6 0.00% 14 14 0.00% | ||
427 | hid_linux.c:get_key_val 6 6 0.00% 20 20 0.00% | ||
428 | hid_linux.c:parse_uevent 16 16 0.00% 30 30 0.00% | ||
429 | --------------------------------------------------------------------------------------- | ||
430 | TOTAL 166 166 0.00% 287 287 0.00% | ||
431 | |||
432 | File '/home/pedro/projects/libfido2/src/info.c': | ||
433 | Name Regions Miss Cover Lines Miss Cover | ||
434 | --------------------------------------------------------------------------------------- | ||
435 | fido_dev_get_cbor_info 1 0 100.00% 3 0 100.00% | ||
436 | fido_cbor_info_new 1 0 100.00% 3 0 100.00% | ||
437 | fido_cbor_info_free 6 1 83.33% 14 0 100.00% | ||
438 | fido_cbor_info_versions_ptr 1 0 100.00% 3 0 100.00% | ||
439 | fido_cbor_info_versions_len 1 0 100.00% 3 0 100.00% | ||
440 | fido_cbor_info_extensions_ptr 1 0 100.00% 3 0 100.00% | ||
441 | fido_cbor_info_extensions_len 1 0 100.00% 3 0 100.00% | ||
442 | fido_cbor_info_aaguid_ptr 1 0 100.00% 3 0 100.00% | ||
443 | fido_cbor_info_aaguid_len 1 0 100.00% 3 0 100.00% | ||
444 | fido_cbor_info_options_name_ptr 1 0 100.00% 3 0 100.00% | ||
445 | fido_cbor_info_options_value_ptr 1 0 100.00% 3 0 100.00% | ||
446 | fido_cbor_info_options_len 1 0 100.00% 3 0 100.00% | ||
447 | fido_cbor_info_maxmsgsiz 1 0 100.00% 3 0 100.00% | ||
448 | fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00% | ||
449 | fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00% | ||
450 | info.c:fido_dev_get_cbor_info_wait 10 0 100.00% 9 0 100.00% | ||
451 | info.c:fido_dev_get_cbor_info_tx 9 0 100.00% 13 0 100.00% | ||
452 | info.c:fido_dev_get_cbor_info_rx 7 0 100.00% 18 0 100.00% | ||
453 | info.c:parse_reply_element 13 0 100.00% 27 0 100.00% | ||
454 | info.c:decode_versions 12 0 100.00% 21 0 100.00% | ||
455 | info.c:decode_version 4 0 100.00% 14 0 100.00% | ||
456 | info.c:decode_extensions 12 0 100.00% 21 0 100.00% | ||
457 | info.c:decode_extension 4 0 100.00% 14 0 100.00% | ||
458 | info.c:decode_aaguid 8 0 100.00% 12 0 100.00% | ||
459 | info.c:decode_options 11 0 100.00% 18 0 100.00% | ||
460 | info.c:decode_option 11 0 100.00% 22 0 100.00% | ||
461 | info.c:decode_protocols 12 0 100.00% 21 0 100.00% | ||
462 | info.c:decode_protocol 6 0 100.00% 16 0 100.00% | ||
463 | info.c:free_str_array 4 0 100.00% 8 0 100.00% | ||
464 | info.c:free_opt_array 4 0 100.00% 9 0 100.00% | ||
465 | info.c:free_byte_array 1 0 100.00% 6 0 100.00% | ||
466 | --------------------------------------------------------------------------------------- | ||
467 | TOTAL 148 1 99.32% 305 0 100.00% | ||
468 | |||
469 | File '/home/pedro/projects/libfido2/src/io.c': | ||
470 | Name Regions Miss Cover Lines Miss Cover | ||
471 | --------------------------------------------------------------------------------------- | ||
472 | fido_tx 18 0 100.00% 35 0 100.00% | ||
473 | fido_rx 34 3 91.18% 84 12 85.71% | ||
474 | fido_rx_cbor_status 9 0 100.00% 13 0 100.00% | ||
475 | io.c:tx_preamble 16 1 93.75% 24 1 95.83% | ||
476 | io.c:tx_frame 16 1 93.75% 21 0 100.00% | ||
477 | io.c:rx_preamble 11 0 100.00% 12 0 100.00% | ||
478 | io.c:rx_frame 9 1 88.89% 12 0 100.00% | ||
479 | --------------------------------------------------------------------------------------- | ||
480 | TOTAL 113 6 94.69% 201 13 93.53% | ||
481 | |||
482 | File '/home/pedro/projects/libfido2/src/iso7816.c': | ||
483 | Name Regions Miss Cover Lines Miss Cover | ||
484 | --------------------------------------------------------------------------------------- | ||
485 | iso7816_new 4 0 100.00% 19 0 100.00% | ||
486 | iso7816_free 6 0 100.00% 11 0 100.00% | ||
487 | iso7816_add 6 1 83.33% 10 0 100.00% | ||
488 | iso7816_ptr 1 0 100.00% 3 0 100.00% | ||
489 | iso7816_len 1 0 100.00% 4 0 100.00% | ||
490 | --------------------------------------------------------------------------------------- | ||
491 | TOTAL 18 1 94.44% 47 0 100.00% | ||
492 | |||
493 | File '/home/pedro/projects/libfido2/src/log.c': | ||
494 | Name Regions Miss Cover Lines Miss Cover | ||
495 | --------------------------------------------------------------------------------------- | ||
496 | fido_log_init 1 1 0.00% 3 3 0.00% | ||
497 | fido_log_xxd 11 8 27.27% 18 12 33.33% | ||
498 | fido_log_debug 4 1 75.00% 13 8 38.46% | ||
499 | --------------------------------------------------------------------------------------- | ||
500 | TOTAL 16 10 37.50% 34 23 32.35% | ||
501 | |||
502 | File '/home/pedro/projects/libfido2/src/pin.c': | ||
503 | Name Regions Miss Cover Lines Miss Cover | ||
504 | --------------------------------------------------------------------------------------- | ||
505 | fido_dev_get_pin_token 1 0 100.00% 3 0 100.00% | ||
506 | fido_dev_set_pin 1 0 100.00% 3 0 100.00% | ||
507 | fido_dev_get_retry_count 1 0 100.00% 3 0 100.00% | ||
508 | cbor_add_pin_params 17 0 100.00% 27 0 100.00% | ||
509 | pin.c:fido_dev_get_pin_token_wait 10 0 100.00% 9 0 100.00% | ||
510 | pin.c:fido_dev_get_pin_token_tx 29 0 100.00% 40 0 100.00% | ||
511 | pin.c:fido_dev_get_pin_token_rx 21 0 100.00% 36 0 100.00% | ||
512 | pin.c:parse_pintoken 8 0 100.00% 12 0 100.00% | ||
513 | pin.c:fido_dev_set_pin_wait 16 0 100.00% 22 0 100.00% | ||
514 | pin.c:fido_dev_change_pin_tx 41 0 100.00% 59 0 100.00% | ||
515 | pin.c:pad64 18 0 100.00% 24 0 100.00% | ||
516 | pin.c:fido_dev_set_pin_tx 33 0 100.00% 48 0 100.00% | ||
517 | pin.c:fido_dev_get_retry_count_wait 10 0 100.00% 9 0 100.00% | ||
518 | pin.c:fido_dev_get_retry_count_tx 19 0 100.00% 28 0 100.00% | ||
519 | pin.c:fido_dev_get_retry_count_rx 12 0 100.00% 21 0 100.00% | ||
520 | pin.c:parse_retry_count 13 0 100.00% 20 0 100.00% | ||
521 | --------------------------------------------------------------------------------------- | ||
522 | TOTAL 250 0 100.00% 364 0 100.00% | ||
523 | |||
524 | File '/home/pedro/projects/libfido2/src/reset.c': | ||
525 | Name Regions Miss Cover Lines Miss Cover | ||
526 | --------------------------------------------------------------------------------------- | ||
527 | fido_dev_reset 1 0 100.00% 3 0 100.00% | ||
528 | reset.c:fido_dev_reset_wait 10 0 100.00% 9 0 100.00% | ||
529 | reset.c:fido_dev_reset_tx 9 0 100.00% 11 0 100.00% | ||
530 | --------------------------------------------------------------------------------------- | ||
531 | TOTAL 20 0 100.00% 23 0 100.00% | ||
532 | |||
533 | File '/home/pedro/projects/libfido2/src/rs256.c': | ||
534 | Name Regions Miss Cover Lines Miss Cover | ||
535 | --------------------------------------------------------------------------------------- | ||
536 | rs256_pk_decode 8 0 100.00% 10 0 100.00% | ||
537 | rs256_pk_new 1 0 100.00% 3 0 100.00% | ||
538 | rs256_pk_free 6 0 100.00% 11 0 100.00% | ||
539 | rs256_pk_from_ptr 6 0 100.00% 8 0 100.00% | ||
540 | rs256_pk_to_EVP_PKEY 32 0 100.00% 48 0 100.00% | ||
541 | rs256_pk_from_RSA 32 6 81.25% 32 9 71.88% | ||
542 | rs256.c:decode_rsa_pubkey 9 0 100.00% 16 0 100.00% | ||
543 | rs256.c:decode_bignum 8 0 100.00% 12 0 100.00% | ||
544 | --------------------------------------------------------------------------------------- | ||
545 | TOTAL 102 6 94.12% 140 9 93.57% | ||
546 | |||
547 | File '/home/pedro/projects/libfido2/src/u2f.c': | ||
548 | Name Regions Miss Cover Lines Miss Cover | ||
549 | --------------------------------------------------------------------------------------- | ||
550 | u2f_register 70 1 98.57% 89 0 100.00% | ||
551 | u2f_authenticate 27 0 100.00% 33 0 100.00% | ||
552 | u2f.c:key_lookup 44 0 100.00% 69 0 100.00% | ||
553 | u2f.c:send_dummy_register 31 1 96.77% 50 0 100.00% | ||
554 | u2f.c:parse_register_reply 57 0 100.00% 83 0 100.00% | ||
555 | u2f.c:x5c_get 21 1 95.24% 37 3 91.89% | ||
556 | u2f.c:sig_get 8 1 87.50% 16 6 62.50% | ||
557 | u2f.c:encode_cred_authdata 37 2 94.59% 82 6 92.68% | ||
558 | u2f.c:cbor_blob_from_ec_point 22 0 100.00% 39 0 100.00% | ||
559 | u2f.c:u2f_authenticate_single 34 2 94.12% 53 4 92.45% | ||
560 | u2f.c:do_auth 50 1 98.00% 72 0 100.00% | ||
561 | u2f.c:parse_auth_reply 23 2 91.30% 29 3 89.66% | ||
562 | u2f.c:authdata_fake 12 0 100.00% 34 0 100.00% | ||
563 | --------------------------------------------------------------------------------------- | ||
564 | TOTAL 436 11 97.48% 686 22 96.79% | ||
diff --git a/fuzz/fuzz_assert.c b/fuzz/fuzz_assert.c
new file mode 100644
index 0000000..0395345
--- /dev/null
+++ b/fuzz/fuzz_assert.c | |||
@@ -0,0 +1,664 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #include <assert.h> | ||
8 | #include <stdbool.h> | ||
9 | #include <stdint.h> | ||
10 | #include <stdlib.h> | ||
11 | #include <string.h> | ||
12 | #include <stdio.h> | ||
13 | |||
14 | #include "mutator_aux.h" | ||
15 | #include "fido.h" | ||
16 | #include "fido/es256.h" | ||
17 | #include "fido/rs256.h" | ||
18 | #include "fido/eddsa.h" | ||
19 | |||
20 | #include "../openbsd-compat/openbsd-compat.h" | ||
21 | |||
22 | #define TAG_U2F 0x01 | ||
23 | #define TAG_TYPE 0x02 | ||
24 | #define TAG_CDH 0x03 | ||
25 | #define TAG_RP_ID 0x04 | ||
26 | #define TAG_EXT 0x05 | ||
27 | #define TAG_SEED 0x06 | ||
28 | #define TAG_UP 0x07 | ||
29 | #define TAG_UV 0x08 | ||
30 | #define TAG_WIRE_DATA 0x09 | ||
31 | #define TAG_CRED_COUNT 0x0a | ||
32 | #define TAG_CRED 0x0b | ||
33 | #define TAG_ES256 0x0c | ||
34 | #define TAG_RS256 0x0d | ||
35 | #define TAG_PIN 0x0e | ||
36 | #define TAG_EDDSA 0x0f | ||
37 | |||
38 | /* Parameter set defining a FIDO2 get assertion operation. */ | ||
39 | struct param { | ||
40 | char pin[MAXSTR]; | ||
41 | char rp_id[MAXSTR]; | ||
42 | int ext; | ||
43 | int seed; | ||
44 | struct blob cdh; | ||
45 | struct blob cred; | ||
46 | struct blob es256; | ||
47 | struct blob rs256; | ||
48 | struct blob eddsa; | ||
49 | struct blob wire_data; | ||
50 | uint8_t cred_count; | ||
51 | uint8_t type; | ||
52 | uint8_t u2f; | ||
53 | uint8_t up; | ||
54 | uint8_t uv; | ||
55 | }; | ||
56 | |||
57 | /* Example parameters. */ | ||
58 | static const char dummy_rp_id[] = "localhost"; | ||
59 | static const char dummy_pin[] = "9}4gT:8d=A37Dh}U"; | ||
60 | |||
61 | static const uint8_t dummy_cdh[] = { | ||
62 | 0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7, | ||
63 | 0x82, 0x34, 0xaa, 0xca, 0x07, 0xa1, 0xf6, 0x56, | ||
64 | 0x42, 0x1c, 0xb6, 0xf6, 0xb3, 0x00, 0x86, 0x52, | ||
65 | 0x35, 0x2d, 0xa2, 0x62, 0x4a, 0xbe, 0x89, 0x76, | ||
66 | }; | ||
67 | |||
68 | static const uint8_t dummy_es256[] = { | ||
69 | 0xcc, 0x1b, 0x50, 0xac, 0xc4, 0x19, 0xf8, 0x3a, | ||
70 | 0xee, 0x0a, 0x77, 0xd6, 0xf3, 0x53, 0xdb, 0xef, | ||
71 | 0xf2, 0xb9, 0x5c, 0x2d, 0x8b, 0x1e, 0x52, 0x58, | ||
72 | 0x88, 0xf4, 0x0b, 0x85, 0x1f, 0x40, 0x6d, 0x18, | ||
73 | 0x15, 0xb3, 0xcc, 0x25, 0x7c, 0x38, 0x3d, 0xec, | ||
74 | 0xdf, 0xad, 0xbd, 0x46, 0x91, 0xc3, 0xac, 0x30, | ||
75 | 0x94, 0x2a, 0xf7, 0x78, 0x35, 0x70, 0x59, 0x6f, | ||
76 | 0x28, 0xcb, 0x8e, 0x07, 0x85, 0xb5, 0x91, 0x96, | ||
77 | }; | ||
78 | |||
79 | static const uint8_t dummy_rs256[] = { | ||
80 | 0xd2, 0xa8, 0xc0, 0x11, 0x82, 0x9e, 0x57, 0x2e, | ||
81 | 0x60, 0xae, 0x8c, 0xb0, 0x09, 0xe1, 0x58, 0x2b, | ||
82 | 0x99, 0xec, 0xc3, 0x11, 0x1b, 0xef, 0x81, 0x49, | ||
83 | 0x34, 0x53, 0x6a, 0x01, 0x65, 0x2c, 0x24, 0x09, | ||
84 | 0x30, 0x87, 0x98, 0x51, 0x6e, 0x30, 0x4f, 0x60, | ||
85 | 0xbd, 0x54, 0xd2, 0x54, 0xbd, 0x94, 0x42, 0xdd, | ||
86 | 0x63, 0xe5, 0x2c, 0xc6, 0x04, 0x32, 0xc0, 0x8f, | ||
87 | 0x72, 0xd5, 0xb4, 0xf0, 0x4f, 0x42, 0xe5, 0xb0, | ||
88 | 0xa2, 0x95, 0x11, 0xfe, 0xd8, 0xb0, 0x65, 0x34, | ||
89 | 0xff, 0xfb, 0x44, 0x97, 0x52, 0xfc, 0x67, 0x23, | ||
90 | 0x0b, 0xad, 0xf3, 0x3a, 0x82, 0xd4, 0x96, 0x10, | ||
91 | 0x87, 0x6b, 0xfa, 0xd6, 0x51, 0x60, 0x3e, 0x1c, | ||
92 | 0xae, 0x19, 0xb8, 0xce, 0x08, 0xae, 0x9a, 0xee, | ||
93 | 0x78, 0x16, 0x22, 0xcc, 0x92, 0xcb, 0xa8, 0x95, | ||
94 | 0x34, 0xe5, 0xb9, 0x42, 0x6a, 0xf0, 0x2e, 0x82, | ||
95 | 0x1f, 0x4c, 0x7d, 0x84, 0x94, 0x68, 0x7b, 0x97, | ||
96 | 0x2b, 0xf7, 0x7d, 0x67, 0x83, 0xbb, 0xc7, 0x8a, | ||
97 | 0x31, 0x5a, 0xf3, 0x2a, 0x95, 0xdf, 0x63, 0xe7, | ||
98 | 0x4e, 0xee, 0x26, 0xda, 0x87, 0x00, 0xe2, 0x23, | ||
99 | 0x4a, 0x33, 0x9a, 0xa0, 0x1b, 0xce, 0x60, 0x1f, | ||
100 | 0x98, 0xa1, 0xb0, 0xdb, 0xbf, 0x20, 0x59, 0x27, | ||
101 | 0xf2, 0x06, 0xd9, 0xbe, 0x37, 0xa4, 0x03, 0x6b, | ||
102 | 0x6a, 0x4e, 0xaf, 0x22, 0x68, 0xf3, 0xff, 0x28, | ||
103 | 0x59, 0x05, 0xc9, 0xf1, 0x28, 0xf4, 0xbb, 0x35, | ||
104 | 0xe0, 0xc2, 0x68, 0xc2, 0xaa, 0x54, 0xac, 0x8c, | ||
105 | 0xc1, 0x69, 0x9e, 0x4b, 0x32, 0xfc, 0x53, 0x58, | ||
106 | 0x85, 0x7d, 0x3f, 0x51, 0xd1, 0xc9, 0x03, 0x02, | ||
107 | 0x13, 0x61, 0x62, 0xda, 0xf8, 0xfe, 0x3e, 0xc8, | ||
108 | 0x95, 0x12, 0xfb, 0x0c, 0xdf, 0x06, 0x65, 0x6f, | ||
109 | 0x23, 0xc7, 0x83, 0x7c, 0x50, 0x2d, 0x27, 0x25, | ||
110 | 0x4d, 0xbf, 0x94, 0xf0, 0x89, 0x04, 0xb9, 0x2d, | ||
111 | 0xc4, 0xa5, 0x32, 0xa9, 0x25, 0x0a, 0x99, 0x59, | ||
112 | 0x01, 0x00, 0x01, | ||
113 | }; | ||
114 | |||
115 | static const uint8_t dummy_eddsa[] = { | ||
116 | 0xfe, 0x8b, 0x61, 0x50, 0x31, 0x7a, 0xe6, 0xdf, | ||
117 | 0xb1, 0x04, 0x9d, 0x4d, 0xb5, 0x7a, 0x5e, 0x96, | ||
118 | 0x4c, 0xb2, 0xf9, 0x5f, 0x72, 0x47, 0xb5, 0x18, | ||
119 | 0xe2, 0x39, 0xdf, 0x2f, 0x87, 0x19, 0xb3, 0x02, | ||
120 | }; | ||
121 | |||
122 | /* | ||
123 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
124 | * get assertion using the example parameters above. | ||
125 | */ | ||
126 | static const uint8_t dummy_wire_data_fido[] = { | ||
127 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xf7, | ||
128 | 0x6f, 0xda, 0x52, 0xfd, 0xcb, 0xb6, 0x24, 0x00, | ||
129 | 0x92, 0x00, 0x0e, 0x02, 0x05, 0x00, 0x02, 0x05, | ||
130 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
131 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
132 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
133 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
134 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
135 | 0x00, 0x92, 0x00, 0x0e, 0x90, 0x00, 0x51, 0x00, | ||
136 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
137 | 0x20, 0x01, 0x21, 0x58, 0x20, 0xe9, 0x1d, 0x9b, | ||
138 | 0xac, 0x14, 0x25, 0x5f, 0xda, 0x1e, 0x11, 0xdb, | ||
139 | 0xae, 0xc2, 0x90, 0x22, 0xca, 0x32, 0xec, 0x32, | ||
140 | 0xe6, 0x05, 0x15, 0x44, 0xe5, 0xe8, 0xbc, 0x4f, | ||
141 | 0x0a, 0xb6, 0x1a, 0xeb, 0x11, 0x22, 0x58, 0x20, | ||
142 | 0xcc, 0x72, 0xf0, 0x22, 0xe8, 0x28, 0x82, 0xc5, | ||
143 | 0x00, 0x92, 0x00, 0x0e, 0x00, 0xa6, 0x65, 0x6e, | ||
144 | 0xff, 0x1e, 0xe3, 0x7f, 0x27, 0x44, 0x2d, 0xfb, | ||
145 | 0x8d, 0x41, 0xfa, 0x85, 0x0e, 0xcb, 0xda, 0x95, | ||
146 | 0x64, 0x64, 0x9b, 0x1f, 0x34, 0x00, 0x00, 0x00, | ||
147 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
148 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
149 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
150 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
151 | 0x00, 0x92, 0x00, 0x0e, 0x90, 0x00, 0x14, 0x00, | ||
152 | 0xa1, 0x02, 0x50, 0xee, 0x40, 0x4c, 0x85, 0xd7, | ||
153 | 0xa1, 0x2f, 0x56, 0xc4, 0x4e, 0xc5, 0x93, 0x41, | ||
154 | 0xd0, 0x3b, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
155 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
156 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
157 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
158 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
159 | 0x00, 0x92, 0x00, 0x0e, 0x90, 0x00, 0xcb, 0x00, | ||
160 | 0xa3, 0x01, 0xa2, 0x62, 0x69, 0x64, 0x58, 0x40, | ||
161 | 0x4a, 0x4c, 0x9e, 0xcc, 0x81, 0x7d, 0x42, 0x03, | ||
162 | 0x2b, 0x41, 0xd1, 0x38, 0xd3, 0x49, 0xb4, 0xfc, | ||
163 | 0xfb, 0xe4, 0x4e, 0xe4, 0xff, 0x76, 0x34, 0x16, | ||
164 | 0x68, 0x06, 0x9d, 0xa6, 0x01, 0x32, 0xb9, 0xff, | ||
165 | 0xc2, 0x35, 0x0d, 0x89, 0x43, 0x66, 0x12, 0xf8, | ||
166 | 0x8e, 0x5b, 0xde, 0xf4, 0xcc, 0xec, 0x9d, 0x03, | ||
167 | 0x00, 0x92, 0x00, 0x0e, 0x00, 0x85, 0xc2, 0xf5, | ||
168 | 0xe6, 0x8e, 0xeb, 0x3f, 0x3a, 0xec, 0xc3, 0x1d, | ||
169 | 0x04, 0x6e, 0xf3, 0x5b, 0x88, 0x64, 0x74, 0x79, | ||
170 | 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, | ||
171 | 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x02, 0x58, 0x25, | ||
172 | 0x49, 0x96, 0x0d, 0xe5, 0x88, 0x0e, 0x8c, 0x68, | ||
173 | 0x74, 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, | ||
174 | 0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, | ||
175 | 0x00, 0x92, 0x00, 0x0e, 0x01, 0x99, 0x5c, 0xf3, | ||
176 | 0xba, 0x83, 0x1d, 0x97, 0x63, 0x04, 0x00, 0x00, | ||
177 | 0x00, 0x09, 0x03, 0x58, 0x47, 0x30, 0x45, 0x02, | ||
178 | 0x21, 0x00, 0xcf, 0x3f, 0x36, 0x0e, 0x1f, 0x6f, | ||
179 | 0xd6, 0xa0, 0x9d, 0x13, 0xcf, 0x55, 0xf7, 0x49, | ||
180 | 0x8f, 0xc8, 0xc9, 0x03, 0x12, 0x76, 0x41, 0x75, | ||
181 | 0x7b, 0xb5, 0x0a, 0x90, 0xa5, 0x82, 0x26, 0xf1, | ||
182 | 0x6b, 0x80, 0x02, 0x20, 0x34, 0x9b, 0x7a, 0x82, | ||
183 | 0x00, 0x92, 0x00, 0x0e, 0x02, 0xd3, 0xe1, 0x79, | ||
184 | 0x49, 0x55, 0x41, 0x9f, 0xa4, 0x06, 0x06, 0xbd, | ||
185 | 0xc8, 0xb9, 0x2b, 0x5f, 0xe1, 0xa7, 0x99, 0x1c, | ||
186 | 0xa1, 0xfc, 0x7e, 0x3e, 0xd5, 0x85, 0x2e, 0x11, | ||
187 | 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
188 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
189 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
190 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
191 | }; | ||
192 | |||
193 | /* | ||
194 | * Collection of HID reports from an authenticator issued with a U2F | ||
195 | * authentication using the example parameters above. | ||
196 | */ | ||
197 | static const uint8_t dummy_wire_data_u2f[] = { | ||
198 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x0f, | ||
199 | 0x26, 0x9c, 0xd3, 0x87, 0x0d, 0x7b, 0xf6, 0x00, | ||
200 | 0x00, 0x99, 0x01, 0x02, 0x01, 0x01, 0x00, 0x01, | ||
201 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
202 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
203 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
204 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
205 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
206 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
207 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
208 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
209 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
210 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
211 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
212 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
213 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
214 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
215 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
216 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
217 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
218 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
219 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
220 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
221 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
222 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
223 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
224 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
225 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
226 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
227 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
228 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
229 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
230 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
231 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
232 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
233 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
234 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
235 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
236 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
237 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
238 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
239 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
240 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
241 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
242 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
243 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
244 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
245 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
246 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
247 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
248 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
249 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
250 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
251 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
252 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
253 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
254 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
255 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
256 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
257 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
258 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
259 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
260 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
261 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
262 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
263 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
264 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
265 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
266 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
267 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
268 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
269 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
270 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
271 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
272 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
273 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
274 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
275 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
276 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
277 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
278 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x4e, 0x01, | ||
279 | 0x00, 0x00, 0x00, 0x2c, 0x30, 0x45, 0x02, 0x20, | ||
280 | 0x1c, 0xf5, 0x7c, 0xf6, 0xde, 0xbe, 0xe9, 0x86, | ||
281 | 0xee, 0x97, 0xb7, 0x64, 0xa3, 0x4e, 0x7a, 0x70, | ||
282 | 0x85, 0xd0, 0x66, 0xf9, 0xf0, 0xcd, 0x04, 0x5d, | ||
283 | 0x97, 0xf2, 0x3c, 0x22, 0xe3, 0x0e, 0x61, 0xc8, | ||
284 | 0x02, 0x21, 0x00, 0x97, 0xef, 0xae, 0x36, 0xe6, | ||
285 | 0x17, 0x9f, 0x5e, 0x2d, 0xd7, 0x8c, 0x34, 0xa7, | ||
286 | 0x00, 0x00, 0x99, 0x01, 0x00, 0xa1, 0xe9, 0xfb, | ||
287 | 0x8f, 0x86, 0x8c, 0xe3, 0x1e, 0xde, 0x3f, 0x4e, | ||
288 | 0x1b, 0xe1, 0x2f, 0x8f, 0x2f, 0xca, 0x42, 0x26, | ||
289 | 0x90, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
290 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
291 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
292 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
293 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
294 | }; | ||
295 | |||
296 | int LLVMFuzzerTestOneInput(const uint8_t *, size_t); | ||
297 | size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); | ||
298 | |||
299 | static int | ||
300 | unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN | ||
301 | { | ||
302 | uint8_t **pp = (void *)&ptr; | ||
303 | |||
304 | if (unpack_byte(TAG_UV, pp, &len, &p->uv) < 0 || | ||
305 | unpack_byte(TAG_UP, pp, &len, &p->up) < 0 || | ||
306 | unpack_byte(TAG_U2F, pp, &len, &p->u2f) < 0 || | ||
307 | unpack_byte(TAG_TYPE, pp, &len, &p->type) < 0 || | ||
308 | unpack_byte(TAG_CRED_COUNT, pp, &len, &p->cred_count) < 0 || | ||
309 | unpack_int(TAG_EXT, pp, &len, &p->ext) < 0 || | ||
310 | unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || | ||
311 | unpack_string(TAG_RP_ID, pp, &len, p->rp_id) < 0 || | ||
312 | unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || | ||
313 | unpack_blob(TAG_WIRE_DATA, pp, &len, &p->wire_data) < 0 || | ||
314 | unpack_blob(TAG_RS256, pp, &len, &p->rs256) < 0 || | ||
315 | unpack_blob(TAG_ES256, pp, &len, &p->es256) < 0 || | ||
316 | unpack_blob(TAG_EDDSA, pp, &len, &p->eddsa) < 0 || | ||
317 | unpack_blob(TAG_CRED, pp, &len, &p->cred) < 0 || | ||
318 | unpack_blob(TAG_CDH, pp, &len, &p->cdh) < 0) | ||
319 | return (-1); | ||
320 | |||
321 | return (0); | ||
322 | } | ||
323 | |||
324 | static size_t | ||
325 | pack(uint8_t *ptr, size_t len, const struct param *p) | ||
326 | { | ||
327 | const size_t max = len; | ||
328 | |||
329 | if (pack_byte(TAG_UV, &ptr, &len, p->uv) < 0 || | ||
330 | pack_byte(TAG_UP, &ptr, &len, p->up) < 0 || | ||
331 | pack_byte(TAG_U2F, &ptr, &len, p->u2f) < 0 || | ||
332 | pack_byte(TAG_TYPE, &ptr, &len, p->type) < 0 || | ||
333 | pack_byte(TAG_CRED_COUNT, &ptr, &len, p->cred_count) < 0 || | ||
334 | pack_int(TAG_EXT, &ptr, &len, p->ext) < 0 || | ||
335 | pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || | ||
336 | pack_string(TAG_RP_ID, &ptr, &len, p->rp_id) < 0 || | ||
337 | pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || | ||
338 | pack_blob(TAG_WIRE_DATA, &ptr, &len, &p->wire_data) < 0 || | ||
339 | pack_blob(TAG_RS256, &ptr, &len, &p->rs256) < 0 || | ||
340 | pack_blob(TAG_ES256, &ptr, &len, &p->es256) < 0 || | ||
341 | pack_blob(TAG_EDDSA, &ptr, &len, &p->eddsa) < 0 || | ||
342 | pack_blob(TAG_CRED, &ptr, &len, &p->cred) < 0 || | ||
343 | pack_blob(TAG_CDH, &ptr, &len, &p->cdh) < 0) | ||
344 | return (0); | ||
345 | |||
346 | return (max - len); | ||
347 | } | ||
348 | |||
349 | static void | ||
350 | get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh, | ||
351 | const char *rp_id, int ext, uint8_t up, uint8_t uv, const char *pin, | ||
352 | uint8_t cred_count, struct blob *cred) | ||
353 | { | ||
354 | fido_dev_t *dev; | ||
355 | fido_dev_io_t io; | ||
356 | |||
357 | io.open = dev_open; | ||
358 | io.close = dev_close; | ||
359 | io.read = dev_read; | ||
360 | io.write = dev_write; | ||
361 | |||
362 | if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev, | ||
363 | &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) { | ||
364 | fido_dev_free(&dev); | ||
365 | return; | ||
366 | } | ||
367 | |||
368 | if (u2f & 1) | ||
369 | fido_dev_force_u2f(dev); | ||
370 | |||
371 | for (uint8_t i = 0; i < cred_count; i++) | ||
372 | fido_assert_allow_cred(assert, cred->body, cred->len); | ||
373 | |||
374 | fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len); | ||
375 | fido_assert_set_rp(assert, rp_id); | ||
376 | if (ext & 1) | ||
377 | fido_assert_set_extensions(assert, FIDO_EXT_HMAC_SECRET); | ||
378 | if (up & 1) | ||
379 | fido_assert_set_up(assert, FIDO_OPT_TRUE); | ||
380 | if (uv & 1) | ||
381 | fido_assert_set_uv(assert, FIDO_OPT_TRUE); | ||
382 | /* XXX reuse cred as hmac salt to keep struct param small */ | ||
383 | fido_assert_set_hmac_salt(assert, cred->body, cred->len); | ||
384 | |||
385 | fido_dev_get_assert(dev, assert, u2f & 1 ? NULL : pin); | ||
386 | |||
387 | fido_dev_cancel(dev); | ||
388 | fido_dev_close(dev); | ||
389 | fido_dev_free(&dev); | ||
390 | } | ||
391 | |||
392 | static void | ||
393 | verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len, | ||
394 | const char *rp_id, const unsigned char *authdata_ptr, size_t authdata_len, | ||
395 | const unsigned char *sig_ptr, size_t sig_len, uint8_t up, uint8_t uv, | ||
396 | int ext, void *pk) | ||
397 | { | ||
398 | fido_assert_t *assert = NULL; | ||
399 | |||
400 | if ((assert = fido_assert_new()) == NULL) | ||
401 | return; | ||
402 | |||
403 | fido_assert_set_clientdata_hash(assert, cdh_ptr, cdh_len); | ||
404 | fido_assert_set_rp(assert, rp_id); | ||
405 | fido_assert_set_count(assert, 1); | ||
406 | if (fido_assert_set_authdata(assert, 0, authdata_ptr, | ||
407 | authdata_len) != FIDO_OK) { | ||
408 | fido_assert_set_authdata_raw(assert, 0, authdata_ptr, | ||
409 | authdata_len); | ||
410 | } | ||
411 | fido_assert_set_extensions(assert, ext); | ||
412 | if (up & 1) fido_assert_set_up(assert, FIDO_OPT_TRUE); | ||
413 | if (uv & 1) fido_assert_set_uv(assert, FIDO_OPT_TRUE); | ||
414 | fido_assert_set_sig(assert, 0, sig_ptr, sig_len); | ||
415 | fido_assert_verify(assert, 0, type, pk); | ||
416 | |||
417 | fido_assert_free(&assert); | ||
418 | } | ||
419 | |||
420 | /* | ||
421 | * Do a dummy conversion to exercise rs256_pk_from_RSA(). | ||
422 | */ | ||
423 | static void | ||
424 | rs256_convert(const rs256_pk_t *k) | ||
425 | { | ||
426 | EVP_PKEY *pkey = NULL; | ||
427 | rs256_pk_t *pk = NULL; | ||
428 | RSA *rsa = NULL; | ||
429 | volatile int r; | ||
430 | |||
431 | if ((pkey = rs256_pk_to_EVP_PKEY(k)) == NULL || | ||
432 | (pk = rs256_pk_new()) == NULL || | ||
433 | (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) | ||
434 | goto out; | ||
435 | |||
436 | r = rs256_pk_from_RSA(pk, rsa); | ||
437 | out: | ||
438 | if (pk) | ||
439 | rs256_pk_free(&pk); | ||
440 | if (pkey) | ||
441 | EVP_PKEY_free(pkey); | ||
442 | } | ||
443 | |||
444 | /* | ||
445 | * Do a dummy conversion to exercise eddsa_pk_from_EVP_PKEY(). | ||
446 | */ | ||
447 | static void | ||
448 | eddsa_convert(const eddsa_pk_t *k) | ||
449 | { | ||
450 | EVP_PKEY *pkey = NULL; | ||
451 | eddsa_pk_t *pk = NULL; | ||
452 | volatile int r; | ||
453 | |||
454 | if ((pkey = eddsa_pk_to_EVP_PKEY(k)) == NULL || | ||
455 | (pk = eddsa_pk_new()) == NULL) | ||
456 | goto out; | ||
457 | |||
458 | r = eddsa_pk_from_EVP_PKEY(pk, pkey); | ||
459 | out: | ||
460 | if (pk) | ||
461 | eddsa_pk_free(&pk); | ||
462 | if (pkey) | ||
463 | EVP_PKEY_free(pkey); | ||
464 | } | ||
465 | |||
466 | int | ||
467 | LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
468 | { | ||
469 | struct param p; | ||
470 | fido_assert_t *assert = NULL; | ||
471 | es256_pk_t *es256_pk = NULL; | ||
472 | rs256_pk_t *rs256_pk = NULL; | ||
473 | eddsa_pk_t *eddsa_pk = NULL; | ||
474 | uint8_t flags; | ||
475 | uint32_t sigcount; | ||
476 | int cose_alg = 0; | ||
477 | void *pk; | ||
478 | |||
479 | memset(&p, 0, sizeof(p)); | ||
480 | |||
481 | if (unpack(data, size, &p) < 0) | ||
482 | return (0); | ||
483 | |||
484 | srandom((unsigned int)p.seed); | ||
485 | |||
486 | fido_init(0); | ||
487 | |||
488 | switch (p.type & 3) { | ||
489 | case 0: | ||
490 | cose_alg = COSE_ES256; | ||
491 | |||
492 | if ((es256_pk = es256_pk_new()) == NULL) | ||
493 | return (0); | ||
494 | |||
495 | es256_pk_from_ptr(es256_pk, p.es256.body, p.es256.len); | ||
496 | pk = es256_pk; | ||
497 | |||
498 | break; | ||
499 | case 1: | ||
500 | cose_alg = COSE_RS256; | ||
501 | |||
502 | if ((rs256_pk = rs256_pk_new()) == NULL) | ||
503 | return (0); | ||
504 | |||
505 | rs256_pk_from_ptr(rs256_pk, p.rs256.body, p.rs256.len); | ||
506 | pk = rs256_pk; | ||
507 | |||
508 | rs256_convert(pk); | ||
509 | |||
510 | break; | ||
511 | default: | ||
512 | cose_alg = COSE_EDDSA; | ||
513 | |||
514 | if ((eddsa_pk = eddsa_pk_new()) == NULL) | ||
515 | return (0); | ||
516 | |||
517 | eddsa_pk_from_ptr(eddsa_pk, p.eddsa.body, p.eddsa.len); | ||
518 | pk = eddsa_pk; | ||
519 | |||
520 | eddsa_convert(pk); | ||
521 | |||
522 | break; | ||
523 | } | ||
524 | |||
525 | if ((assert = fido_assert_new()) == NULL) | ||
526 | goto out; | ||
527 | |||
528 | set_wire_data(p.wire_data.body, p.wire_data.len); | ||
529 | |||
530 | get_assert(assert, p.u2f, &p.cdh, p.rp_id, p.ext, p.up, p.uv, p.pin, | ||
531 | p.cred_count, &p.cred); | ||
532 | |||
533 | /* XXX +1 on purpose */ | ||
534 | for (size_t i = 0; i <= fido_assert_count(assert); i++) { | ||
535 | verify_assert(cose_alg, | ||
536 | fido_assert_clientdata_hash_ptr(assert), | ||
537 | fido_assert_clientdata_hash_len(assert), | ||
538 | fido_assert_rp_id(assert), | ||
539 | fido_assert_authdata_ptr(assert, i), | ||
540 | fido_assert_authdata_len(assert, i), | ||
541 | fido_assert_sig_ptr(assert, i), | ||
542 | fido_assert_sig_len(assert, i), p.up, p.uv, p.ext, pk); | ||
543 | consume(fido_assert_id_ptr(assert, i), | ||
544 | fido_assert_id_len(assert, i)); | ||
545 | consume(fido_assert_user_id_ptr(assert, i), | ||
546 | fido_assert_user_id_len(assert, i)); | ||
547 | consume(fido_assert_hmac_secret_ptr(assert, i), | ||
548 | fido_assert_hmac_secret_len(assert, i)); | ||
549 | consume(fido_assert_user_icon(assert, i), | ||
550 | xstrlen(fido_assert_user_icon(assert, i))); | ||
551 | consume(fido_assert_user_name(assert, i), | ||
552 | xstrlen(fido_assert_user_name(assert, i))); | ||
553 | consume(fido_assert_user_display_name(assert, i), | ||
554 | xstrlen(fido_assert_user_display_name(assert, i))); | ||
555 | flags = fido_assert_flags(assert, i); | ||
556 | consume(&flags, sizeof(flags)); | ||
557 | sigcount = fido_assert_sigcount(assert, i); | ||
558 | consume(&sigcount, sizeof(sigcount)); | ||
559 | } | ||
560 | |||
561 | out: | ||
562 | es256_pk_free(&es256_pk); | ||
563 | rs256_pk_free(&rs256_pk); | ||
564 | eddsa_pk_free(&eddsa_pk); | ||
565 | |||
566 | fido_assert_free(&assert); | ||
567 | |||
568 | return (0); | ||
569 | } | ||
570 | |||
571 | static size_t | ||
572 | pack_dummy(uint8_t *ptr, size_t len) | ||
573 | { | ||
574 | struct param dummy; | ||
575 | uint8_t blob[16384]; | ||
576 | size_t blob_len; | ||
577 | |||
578 | memset(&dummy, 0, sizeof(dummy)); | ||
579 | |||
580 | dummy.type = 1; | ||
581 | dummy.ext = FIDO_EXT_HMAC_SECRET; | ||
582 | |||
583 | strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin)); | ||
584 | strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id)); | ||
585 | |||
586 | dummy.cdh.len = sizeof(dummy_cdh); | ||
587 | dummy.es256.len = sizeof(dummy_es256); | ||
588 | dummy.rs256.len = sizeof(dummy_rs256); | ||
589 | dummy.eddsa.len = sizeof(dummy_eddsa); | ||
590 | dummy.wire_data.len = sizeof(dummy_wire_data_fido); | ||
591 | |||
592 | memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len); | ||
593 | memcpy(&dummy.wire_data.body, &dummy_wire_data_fido, | ||
594 | dummy.wire_data.len); | ||
595 | memcpy(&dummy.es256.body, &dummy_es256, dummy.es256.len); | ||
596 | memcpy(&dummy.rs256.body, &dummy_rs256, dummy.rs256.len); | ||
597 | memcpy(&dummy.eddsa.body, &dummy_eddsa, dummy.eddsa.len); | ||
598 | |||
599 | blob_len = pack(blob, sizeof(blob), &dummy); | ||
600 | assert(blob_len != 0); | ||
601 | |||
602 | if (blob_len > len) { | ||
603 | memcpy(ptr, blob, len); | ||
604 | return (len); | ||
605 | } | ||
606 | |||
607 | memcpy(ptr, blob, blob_len); | ||
608 | |||
609 | return (blob_len); | ||
610 | } | ||
611 | |||
612 | size_t | ||
613 | LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, | ||
614 | unsigned int seed) NO_MSAN | ||
615 | { | ||
616 | struct param p; | ||
617 | uint8_t blob[16384]; | ||
618 | size_t blob_len; | ||
619 | |||
620 | (void)seed; | ||
621 | |||
622 | memset(&p, 0, sizeof(p)); | ||
623 | |||
624 | if (unpack(data, size, &p) < 0) | ||
625 | return (pack_dummy(data, maxsize)); | ||
626 | |||
627 | mutate_byte(&p.uv); | ||
628 | mutate_byte(&p.up); | ||
629 | mutate_byte(&p.u2f); | ||
630 | mutate_byte(&p.type); | ||
631 | mutate_byte(&p.cred_count); | ||
632 | |||
633 | mutate_int(&p.ext); | ||
634 | p.seed = (int)seed; | ||
635 | |||
636 | if (p.u2f & 1) { | ||
637 | p.wire_data.len = sizeof(dummy_wire_data_u2f); | ||
638 | memcpy(&p.wire_data.body, &dummy_wire_data_u2f, | ||
639 | p.wire_data.len); | ||
640 | } else { | ||
641 | p.wire_data.len = sizeof(dummy_wire_data_fido); | ||
642 | memcpy(&p.wire_data.body, &dummy_wire_data_fido, | ||
643 | p.wire_data.len); | ||
644 | } | ||
645 | |||
646 | mutate_blob(&p.wire_data); | ||
647 | mutate_blob(&p.rs256); | ||
648 | mutate_blob(&p.es256); | ||
649 | mutate_blob(&p.eddsa); | ||
650 | mutate_blob(&p.cred); | ||
651 | mutate_blob(&p.cdh); | ||
652 | |||
653 | mutate_string(p.rp_id); | ||
654 | mutate_string(p.pin); | ||
655 | |||
656 | blob_len = pack(blob, sizeof(blob), &p); | ||
657 | |||
658 | if (blob_len == 0 || blob_len > maxsize) | ||
659 | return (0); | ||
660 | |||
661 | memcpy(data, blob, blob_len); | ||
662 | |||
663 | return (blob_len); | ||
664 | } | ||
diff --git a/fuzz/fuzz_bio.c b/fuzz/fuzz_bio.c new file mode 100644 index 0000000..f1596a7 --- /dev/null +++ b/fuzz/fuzz_bio.c | |||
@@ -0,0 +1,755 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #include <assert.h> | ||
8 | #include <stdint.h> | ||
9 | #include <stdlib.h> | ||
10 | #include <string.h> | ||
11 | #include <stdio.h> | ||
12 | |||
13 | #include "mutator_aux.h" | ||
14 | #include "fido.h" | ||
15 | #include "fido/bio.h" | ||
16 | |||
17 | #include "../openbsd-compat/openbsd-compat.h" | ||
18 | |||
19 | #define TAG_PIN 0x01 | ||
20 | #define TAG_NAME 0x02 | ||
21 | #define TAG_SEED 0x03 | ||
22 | #define TAG_ID 0x04 | ||
23 | #define TAG_INFO_WIRE_DATA 0x05 | ||
24 | #define TAG_ENROLL_WIRE_DATA 0x06 | ||
25 | #define TAG_LIST_WIRE_DATA 0x07 | ||
26 | #define TAG_SET_NAME_WIRE_DATA 0x08 | ||
27 | #define TAG_REMOVE_WIRE_DATA 0x09 | ||
28 | |||
29 | /* Parameter set defining a FIDO2 credential management operation. */ | ||
30 | struct param { | ||
31 | char pin[MAXSTR]; | ||
32 | char name[MAXSTR]; | ||
33 | int seed; | ||
34 | struct blob id; | ||
35 | struct blob info_wire_data; | ||
36 | struct blob enroll_wire_data; | ||
37 | struct blob list_wire_data; | ||
38 | struct blob set_name_wire_data; | ||
39 | struct blob remove_wire_data; | ||
40 | }; | ||
41 | |||
42 | /* Example parameters. */ | ||
43 | static const uint8_t dummy_id[] = { 0x5e, 0xd2, }; | ||
44 | static const char dummy_pin[] = "3Q;I){TAx"; | ||
45 | static const char dummy_name[] = "finger1"; | ||
46 | |||
47 | /* | ||
48 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
49 | * 'getFingerprintSensorInfo' bio enrollment command. | ||
50 | */ | ||
51 | static const uint8_t dummy_info_wire_data[] = { | ||
52 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xf0, | ||
53 | 0x08, 0xc1, 0x8f, 0x76, 0x4b, 0x8f, 0xa9, 0x00, | ||
54 | 0x10, 0x00, 0x04, 0x02, 0x00, 0x04, 0x06, 0x05, | ||
55 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
56 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
57 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
58 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
59 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
60 | 0x00, 0x10, 0x00, 0x04, 0x90, 0x00, 0x06, 0x00, | ||
61 | 0xa2, 0x02, 0x01, 0x03, 0x04, 0x00, 0x00, 0x00, | ||
62 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
63 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
64 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
65 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
66 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
67 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
68 | }; | ||
69 | |||
70 | /* | ||
71 | * Collection of HID reports from an authenticator issued with FIDO2 | ||
72 | * 'enrollBegin' + 'enrollCaptureNextSample' bio enrollment commands. | ||
73 | */ | ||
74 | static const uint8_t dummy_enroll_wire_data[] = { | ||
75 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x06, | ||
76 | 0xb4, 0xba, 0x2e, 0xb3, 0x88, 0x24, 0x38, 0x00, | ||
77 | 0x0a, 0x00, 0x05, 0x02, 0x00, 0x04, 0x06, 0x05, | ||
78 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
79 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
80 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
81 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
82 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
83 | 0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x51, 0x00, | ||
84 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
85 | 0x20, 0x01, 0x21, 0x58, 0x20, 0xc9, 0x12, 0x01, | ||
86 | 0xab, 0x88, 0xd7, 0x0a, 0x24, 0xdd, 0xdc, 0xde, | ||
87 | 0x16, 0x27, 0x50, 0x77, 0x37, 0x06, 0xd3, 0x48, | ||
88 | 0xe6, 0xf9, 0xdb, 0xaa, 0x10, 0x83, 0x81, 0xac, | ||
89 | 0x13, 0x3c, 0xf9, 0x77, 0x2d, 0x22, 0x58, 0x20, | ||
90 | 0xda, 0x20, 0x71, 0x03, 0x01, 0x40, 0xac, 0xd0, | ||
91 | 0x00, 0x0a, 0x00, 0x05, 0x00, 0xb8, 0xdf, 0x2a, | ||
92 | 0x95, 0xd3, 0x88, 0x1c, 0x06, 0x34, 0x30, 0xf1, | ||
93 | 0xf3, 0xcd, 0x27, 0x40, 0x90, 0x5c, 0xc6, 0x74, | ||
94 | 0x66, 0xff, 0x10, 0xde, 0xb6, 0x00, 0x00, 0x00, | ||
95 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
96 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
97 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
98 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
99 | 0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x14, 0x00, | ||
100 | 0xa1, 0x02, 0x50, 0x18, 0x81, 0xff, 0xf2, 0xf5, | ||
101 | 0xde, 0x74, 0x43, 0xd5, 0xe0, 0x77, 0x37, 0x6b, | ||
102 | 0x6c, 0x18, 0x6b, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
103 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
104 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
105 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
106 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
107 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
108 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
109 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
110 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
111 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
112 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
113 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
114 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
115 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
116 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
117 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
118 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
119 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
120 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
121 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
122 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
123 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
124 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
125 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
126 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
127 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
128 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
129 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
130 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
131 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
132 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
133 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
134 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
135 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
136 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
137 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
138 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
139 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
140 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
141 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
142 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
143 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
144 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
145 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
146 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
147 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
148 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
149 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
150 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
151 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
152 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
153 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
154 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
155 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
156 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
157 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
158 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
159 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
160 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
161 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
162 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
163 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
164 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
165 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
166 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
167 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
168 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
169 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
170 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
171 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
172 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
173 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
174 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
175 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
176 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
177 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
178 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
179 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
180 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
181 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
182 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
183 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
184 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
185 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
186 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
187 | 0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x0a, 0x00, | ||
188 | 0xa3, 0x04, 0x42, 0x68, 0x96, 0x05, 0x00, 0x06, | ||
189 | 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
190 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
191 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
192 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
193 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
194 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
195 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
196 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
197 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
198 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
199 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
200 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
201 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
202 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
203 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
204 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
205 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
206 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
207 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
208 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
209 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
210 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
211 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
212 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
213 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
214 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
215 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
216 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
217 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
218 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
219 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
220 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
221 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
222 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
223 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
224 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
225 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
226 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
227 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
228 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
229 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
230 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
231 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
232 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
233 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
234 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
235 | 0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x06, 0x00, | ||
236 | 0xa2, 0x05, 0x00, 0x06, 0x01, 0x00, 0x00, 0x00, | ||
237 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
238 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
239 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
240 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
241 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
242 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
243 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
244 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
245 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
246 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
247 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
248 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
249 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
250 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
251 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
252 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
253 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
254 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
255 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
256 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
257 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
258 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
259 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
260 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
261 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
262 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
263 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
264 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
265 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
266 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
267 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
268 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
269 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
270 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
271 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
272 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
273 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
274 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
275 | 0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, | ||
276 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
277 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
278 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
279 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
280 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
281 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
282 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
283 | 0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x06, 0x00, | ||
284 | 0xa2, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, | ||
285 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
286 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
287 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
288 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
289 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
290 | }; | ||
291 | |||
292 | /* | ||
293 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
294 | * 'enumerateEnrollments' bio enrollment command. | ||
295 | */ | ||
296 | static const uint8_t dummy_list_wire_data[] = { | ||
297 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xae, | ||
298 | 0x21, 0x88, 0x51, 0x09, 0x6f, 0xd7, 0xbb, 0x00, | ||
299 | 0x10, 0x00, 0x0f, 0x02, 0x00, 0x04, 0x06, 0x05, | ||
300 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
301 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
302 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
303 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
304 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
305 | 0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x51, 0x00, | ||
306 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
307 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x5a, 0x70, 0x63, | ||
308 | 0x11, 0x5b, 0xa6, 0xe1, 0x8e, 0x4a, 0xb0, 0x75, | ||
309 | 0xe7, 0xfd, 0x39, 0x26, 0x29, 0xed, 0x69, 0xb0, | ||
310 | 0xc1, 0x1f, 0xa5, 0x7d, 0xcb, 0x64, 0x1e, 0x7c, | ||
311 | 0x9f, 0x60, 0x5e, 0xb2, 0xf8, 0x22, 0x58, 0x20, | ||
312 | 0xec, 0xe9, 0x1b, 0x11, 0xac, 0x2a, 0x0d, 0xd5, | ||
313 | 0x00, 0x10, 0x00, 0x0f, 0x00, 0x3b, 0x9f, 0xba, | ||
314 | 0x0f, 0x25, 0xd5, 0x24, 0x33, 0x4c, 0x5d, 0x0f, | ||
315 | 0x63, 0xbf, 0xf1, 0xf3, 0x64, 0x55, 0x78, 0x1a, | ||
316 | 0x59, 0x6e, 0x65, 0x59, 0xfc, 0x00, 0x00, 0x00, | ||
317 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
318 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
319 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
320 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
321 | 0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x14, 0x00, | ||
322 | 0xa1, 0x02, 0x50, 0xb9, 0x31, 0x34, 0xe2, 0x71, | ||
323 | 0x6a, 0x8e, 0xa3, 0x60, 0xec, 0x5e, 0xd2, 0x13, | ||
324 | 0x2e, 0x19, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
325 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
326 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
327 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
328 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
329 | 0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x2e, 0x00, | ||
330 | 0xa1, 0x07, 0x83, 0xa2, 0x01, 0x42, 0xce, 0xa3, | ||
331 | 0x02, 0x67, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, | ||
332 | 0x31, 0xa2, 0x01, 0x42, 0xbf, 0x5e, 0x02, 0x67, | ||
333 | 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x32, 0xa2, | ||
334 | 0x01, 0x42, 0x5e, 0xd2, 0x02, 0x67, 0x66, 0x69, | ||
335 | 0x6e, 0x67, 0x65, 0x72, 0x33, 0x00, 0x00, 0x00, | ||
336 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
337 | }; | ||
338 | |||
339 | /* | ||
340 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
341 | * 'setFriendlyName' bio enrollment command. | ||
342 | */ | ||
343 | static const uint8_t dummy_set_name_wire_data[] = { | ||
344 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xac, | ||
345 | 0x48, 0xfd, 0xbd, 0xdd, 0x36, 0x24, 0x4d, 0x00, | ||
346 | 0x10, 0x00, 0x10, 0x02, 0x00, 0x04, 0x06, 0x05, | ||
347 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
348 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
349 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
350 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
351 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
352 | 0x00, 0x10, 0x00, 0x10, 0x90, 0x00, 0x51, 0x00, | ||
353 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
354 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x5a, 0x70, 0x63, | ||
355 | 0x11, 0x5b, 0xa6, 0xe1, 0x8e, 0x4a, 0xb0, 0x75, | ||
356 | 0xe7, 0xfd, 0x39, 0x26, 0x29, 0xed, 0x69, 0xb0, | ||
357 | 0xc1, 0x1f, 0xa5, 0x7d, 0xcb, 0x64, 0x1e, 0x7c, | ||
358 | 0x9f, 0x60, 0x5e, 0xb2, 0xf8, 0x22, 0x58, 0x20, | ||
359 | 0xec, 0xe9, 0x1b, 0x11, 0xac, 0x2a, 0x0d, 0xd5, | ||
360 | 0x00, 0x10, 0x00, 0x10, 0x00, 0x3b, 0x9f, 0xba, | ||
361 | 0x0f, 0x25, 0xd5, 0x24, 0x33, 0x4c, 0x5d, 0x0f, | ||
362 | 0x63, 0xbf, 0xf1, 0xf3, 0x64, 0x55, 0x78, 0x1a, | ||
363 | 0x59, 0x6e, 0x65, 0x59, 0xfc, 0x00, 0x00, 0x00, | ||
364 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
365 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
366 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
367 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
368 | 0x00, 0x10, 0x00, 0x10, 0x90, 0x00, 0x14, 0x00, | ||
369 | 0xa1, 0x02, 0x50, 0x40, 0x95, 0xf3, 0xcb, 0xae, | ||
370 | 0xf2, 0x8d, 0xd9, 0xe0, 0xe0, 0x8a, 0xbd, 0xc3, | ||
371 | 0x03, 0x58, 0x49, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
372 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
373 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
374 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
375 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
376 | 0x00, 0x10, 0x00, 0x10, 0x90, 0x00, 0x01, 0x00, | ||
377 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
378 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
379 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
380 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
381 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
382 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
383 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
384 | }; | ||
385 | |||
386 | /* | ||
387 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
388 | * 'removeEnrollment' bio enrollment command. | ||
389 | */ | ||
390 | static const uint8_t dummy_remove_wire_data[] = { | ||
391 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x4b, | ||
392 | 0x24, 0xde, 0xd9, 0x06, 0x57, 0x1a, 0xbd, 0x00, | ||
393 | 0x10, 0x00, 0x15, 0x02, 0x00, 0x04, 0x06, 0x05, | ||
394 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
395 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
396 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
397 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
398 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
399 | 0x00, 0x10, 0x00, 0x15, 0x90, 0x00, 0x51, 0x00, | ||
400 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
401 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x5a, 0x70, 0x63, | ||
402 | 0x11, 0x5b, 0xa6, 0xe1, 0x8e, 0x4a, 0xb0, 0x75, | ||
403 | 0xe7, 0xfd, 0x39, 0x26, 0x29, 0xed, 0x69, 0xb0, | ||
404 | 0xc1, 0x1f, 0xa5, 0x7d, 0xcb, 0x64, 0x1e, 0x7c, | ||
405 | 0x9f, 0x60, 0x5e, 0xb2, 0xf8, 0x22, 0x58, 0x20, | ||
406 | 0xec, 0xe9, 0x1b, 0x11, 0xac, 0x2a, 0x0d, 0xd5, | ||
407 | 0x00, 0x10, 0x00, 0x15, 0x00, 0x3b, 0x9f, 0xba, | ||
408 | 0x0f, 0x25, 0xd5, 0x24, 0x33, 0x4c, 0x5d, 0x0f, | ||
409 | 0x63, 0xbf, 0xf1, 0xf3, 0x64, 0x55, 0x78, 0x1a, | ||
410 | 0x59, 0x6e, 0x65, 0x59, 0xfc, 0x00, 0x00, 0x00, | ||
411 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
412 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
413 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
414 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
415 | 0x00, 0x10, 0x00, 0x15, 0x90, 0x00, 0x14, 0x00, | ||
416 | 0xa1, 0x02, 0x50, 0xb0, 0xd0, 0x71, 0x2f, 0xa7, | ||
417 | 0x8b, 0x89, 0xbd, 0xca, 0xa4, 0x1e, 0x6c, 0x43, | ||
418 | 0xa1, 0x71, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
419 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
420 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
421 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
422 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
423 | 0x00, 0x10, 0x00, 0x15, 0x90, 0x00, 0x01, 0x00, | ||
424 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
425 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
426 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
427 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
428 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
429 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
430 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
431 | }; | ||
432 | |||
433 | int LLVMFuzzerTestOneInput(const uint8_t *, size_t); | ||
434 | size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); | ||
435 | |||
436 | static int | ||
437 | unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN | ||
438 | { | ||
439 | uint8_t **pp = (void *)&ptr; | ||
440 | |||
441 | if (unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || | ||
442 | unpack_string(TAG_NAME, pp, &len, p->name) < 0 || | ||
443 | unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || | ||
444 | unpack_blob(TAG_ID, pp, &len, &p->id) < 0 || | ||
445 | unpack_blob(TAG_INFO_WIRE_DATA, pp, &len, &p->info_wire_data) < 0 || | ||
446 | unpack_blob(TAG_ENROLL_WIRE_DATA, pp, &len, &p->enroll_wire_data) < 0 || | ||
447 | unpack_blob(TAG_LIST_WIRE_DATA, pp, &len, &p->list_wire_data) < 0 || | ||
448 | unpack_blob(TAG_SET_NAME_WIRE_DATA, pp, &len, &p->set_name_wire_data) < 0 || | ||
449 | unpack_blob(TAG_REMOVE_WIRE_DATA, pp, &len, &p->remove_wire_data) < 0) | ||
450 | return (-1); | ||
451 | |||
452 | return (0); | ||
453 | } | ||
454 | |||
455 | static size_t | ||
456 | pack(uint8_t *ptr, size_t len, const struct param *p) | ||
457 | { | ||
458 | const size_t max = len; | ||
459 | |||
460 | if (pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || | ||
461 | pack_string(TAG_NAME, &ptr, &len, p->name) < 0 || | ||
462 | pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || | ||
463 | pack_blob(TAG_ID, &ptr, &len, &p->id) < 0 || | ||
464 | pack_blob(TAG_INFO_WIRE_DATA, &ptr, &len, &p->info_wire_data) < 0 || | ||
465 | pack_blob(TAG_ENROLL_WIRE_DATA, &ptr, &len, &p->enroll_wire_data) < 0 || | ||
466 | pack_blob(TAG_LIST_WIRE_DATA, &ptr, &len, &p->list_wire_data) < 0 || | ||
467 | pack_blob(TAG_SET_NAME_WIRE_DATA, &ptr, &len, &p->set_name_wire_data) < 0 || | ||
468 | pack_blob(TAG_REMOVE_WIRE_DATA, &ptr, &len, &p->remove_wire_data) < 0) | ||
469 | return (0); | ||
470 | |||
471 | return (max - len); | ||
472 | } | ||
473 | |||
474 | static fido_dev_t * | ||
475 | prepare_dev() | ||
476 | { | ||
477 | fido_dev_t *dev; | ||
478 | fido_dev_io_t io; | ||
479 | |||
480 | io.open = dev_open; | ||
481 | io.close = dev_close; | ||
482 | io.read = dev_read; | ||
483 | io.write = dev_write; | ||
484 | |||
485 | if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev, | ||
486 | &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) { | ||
487 | fido_dev_free(&dev); | ||
488 | return (NULL); | ||
489 | } | ||
490 | |||
491 | return (dev); | ||
492 | } | ||
493 | |||
494 | static void | ||
495 | get_info(struct param *p) | ||
496 | { | ||
497 | fido_dev_t *dev = NULL; | ||
498 | fido_bio_info_t *i = NULL; | ||
499 | uint8_t type; | ||
500 | uint8_t max_samples; | ||
501 | |||
502 | set_wire_data(p->info_wire_data.body, p->info_wire_data.len); | ||
503 | |||
504 | if ((dev = prepare_dev()) == NULL || (i = fido_bio_info_new()) == NULL) | ||
505 | goto done; | ||
506 | |||
507 | fido_bio_dev_get_info(dev, i); | ||
508 | |||
509 | type = fido_bio_info_type(i); | ||
510 | max_samples = fido_bio_info_max_samples(i); | ||
511 | consume(&type, sizeof(type)); | ||
512 | consume(&max_samples, sizeof(max_samples)); | ||
513 | |||
514 | done: | ||
515 | if (dev) | ||
516 | fido_dev_close(dev); | ||
517 | |||
518 | fido_dev_free(&dev); | ||
519 | fido_bio_info_free(&i); | ||
520 | } | ||
521 | |||
522 | static void | ||
523 | consume_template(const fido_bio_template_t *t) | ||
524 | { | ||
525 | consume(fido_bio_template_name(t), xstrlen(fido_bio_template_name(t))); | ||
526 | consume(fido_bio_template_id_ptr(t), fido_bio_template_id_len(t)); | ||
527 | } | ||
528 | |||
529 | static void | ||
530 | consume_enroll(fido_bio_enroll_t *e) | ||
531 | { | ||
532 | uint8_t last_status; | ||
533 | uint8_t remaining_samples; | ||
534 | |||
535 | last_status = fido_bio_enroll_last_status(e); | ||
536 | remaining_samples = fido_bio_enroll_remaining_samples(e); | ||
537 | consume(&last_status, sizeof(last_status)); | ||
538 | consume(&remaining_samples, sizeof(remaining_samples)); | ||
539 | } | ||
540 | |||
541 | static void | ||
542 | enroll(struct param *p) | ||
543 | { | ||
544 | fido_dev_t *dev = NULL; | ||
545 | fido_bio_template_t *t = NULL; | ||
546 | fido_bio_enroll_t *e = NULL; | ||
547 | size_t cnt = 0; | ||
548 | |||
549 | set_wire_data(p->enroll_wire_data.body, p->enroll_wire_data.len); | ||
550 | |||
551 | if ((dev = prepare_dev()) == NULL || | ||
552 | (t = fido_bio_template_new()) == NULL || | ||
553 | (e = fido_bio_enroll_new()) == NULL) | ||
554 | goto done; | ||
555 | |||
556 | fido_bio_dev_enroll_begin(dev, t, e, p->seed, p->pin); | ||
557 | |||
558 | consume_template(t); | ||
559 | consume_enroll(e); | ||
560 | |||
561 | while (fido_bio_enroll_remaining_samples(e) > 0 && cnt++ < 5) { | ||
562 | fido_bio_dev_enroll_continue(dev, t, e, p->seed); | ||
563 | consume_template(t); | ||
564 | consume_enroll(e); | ||
565 | } | ||
566 | |||
567 | done: | ||
568 | if (dev) | ||
569 | fido_dev_close(dev); | ||
570 | |||
571 | fido_dev_free(&dev); | ||
572 | fido_bio_template_free(&t); | ||
573 | fido_bio_enroll_free(&e); | ||
574 | } | ||
575 | |||
576 | static void | ||
577 | list(struct param *p) | ||
578 | { | ||
579 | fido_dev_t *dev = NULL; | ||
580 | fido_bio_template_array_t *ta = NULL; | ||
581 | const fido_bio_template_t *t = NULL; | ||
582 | |||
583 | set_wire_data(p->list_wire_data.body, p->list_wire_data.len); | ||
584 | |||
585 | if ((dev = prepare_dev()) == NULL || | ||
586 | (ta = fido_bio_template_array_new()) == NULL) | ||
587 | goto done; | ||
588 | |||
589 | fido_bio_dev_get_template_array(dev, ta, p->pin); | ||
590 | |||
591 | /* +1 on purpose */ | ||
592 | for (size_t i = 0; i < fido_bio_template_array_count(ta) + 1; i++) | ||
593 | if ((t = fido_bio_template(ta, i)) != NULL) | ||
594 | consume_template(t); | ||
595 | |||
596 | done: | ||
597 | if (dev) | ||
598 | fido_dev_close(dev); | ||
599 | |||
600 | fido_dev_free(&dev); | ||
601 | fido_bio_template_array_free(&ta); | ||
602 | } | ||
603 | |||
604 | static void | ||
605 | set_name(struct param *p) | ||
606 | { | ||
607 | fido_dev_t *dev = NULL; | ||
608 | fido_bio_template_t *t = NULL; | ||
609 | |||
610 | set_wire_data(p->set_name_wire_data.body, p->set_name_wire_data.len); | ||
611 | |||
612 | if ((dev = prepare_dev()) == NULL || | ||
613 | (t = fido_bio_template_new()) == NULL) | ||
614 | goto done; | ||
615 | |||
616 | fido_bio_template_set_name(t, p->name); | ||
617 | fido_bio_template_set_id(t, p->id.body, p->id.len); | ||
618 | consume_template(t); | ||
619 | |||
620 | fido_bio_dev_set_template_name(dev, t, p->pin); | ||
621 | |||
622 | done: | ||
623 | if (dev) | ||
624 | fido_dev_close(dev); | ||
625 | |||
626 | fido_dev_free(&dev); | ||
627 | fido_bio_template_free(&t); | ||
628 | } | ||
629 | |||
630 | static void | ||
631 | del(struct param *p) | ||
632 | { | ||
633 | fido_dev_t *dev = NULL; | ||
634 | fido_bio_template_t *t = NULL; | ||
635 | |||
636 | set_wire_data(p->remove_wire_data.body, p->remove_wire_data.len); | ||
637 | |||
638 | if ((dev = prepare_dev()) == NULL || | ||
639 | (t = fido_bio_template_new()) == NULL) | ||
640 | goto done; | ||
641 | |||
642 | fido_bio_template_set_id(t, p->id.body, p->id.len); | ||
643 | consume_template(t); | ||
644 | |||
645 | fido_bio_dev_enroll_remove(dev, t, p->pin); | ||
646 | |||
647 | done: | ||
648 | if (dev) | ||
649 | fido_dev_close(dev); | ||
650 | |||
651 | fido_dev_free(&dev); | ||
652 | fido_bio_template_free(&t); | ||
653 | } | ||
654 | |||
655 | int | ||
656 | LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
657 | { | ||
658 | struct param p; | ||
659 | |||
660 | memset(&p, 0, sizeof(p)); | ||
661 | |||
662 | if (unpack(data, size, &p) < 0) | ||
663 | return (0); | ||
664 | |||
665 | srandom((unsigned int)p.seed); | ||
666 | |||
667 | fido_init(0); | ||
668 | |||
669 | get_info(&p); | ||
670 | enroll(&p); | ||
671 | list(&p); | ||
672 | set_name(&p); | ||
673 | del(&p); | ||
674 | |||
675 | return (0); | ||
676 | } | ||
677 | |||
678 | static size_t | ||
679 | pack_dummy(uint8_t *ptr, size_t len) | ||
680 | { | ||
681 | struct param dummy; | ||
682 | uint8_t blob[32768]; | ||
683 | size_t blob_len; | ||
684 | |||
685 | memset(&dummy, 0, sizeof(dummy)); | ||
686 | |||
687 | strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin)); | ||
688 | strlcpy(dummy.name, dummy_name, sizeof(dummy.name)); | ||
689 | |||
690 | dummy.info_wire_data.len = sizeof(dummy_info_wire_data); | ||
691 | dummy.enroll_wire_data.len = sizeof(dummy_enroll_wire_data); | ||
692 | dummy.list_wire_data.len = sizeof(dummy_list_wire_data); | ||
693 | dummy.set_name_wire_data.len = sizeof(dummy_set_name_wire_data); | ||
694 | dummy.remove_wire_data.len = sizeof(dummy_remove_wire_data); | ||
695 | dummy.id.len = sizeof(dummy_id); | ||
696 | |||
697 | memcpy(&dummy.info_wire_data.body, &dummy_info_wire_data, | ||
698 | dummy.info_wire_data.len); | ||
699 | memcpy(&dummy.enroll_wire_data.body, &dummy_enroll_wire_data, | ||
700 | dummy.enroll_wire_data.len); | ||
701 | memcpy(&dummy.list_wire_data.body, &dummy_list_wire_data, | ||
702 | dummy.list_wire_data.len); | ||
703 | memcpy(&dummy.set_name_wire_data.body, &dummy_set_name_wire_data, | ||
704 | dummy.set_name_wire_data.len); | ||
705 | memcpy(&dummy.remove_wire_data.body, &dummy_remove_wire_data, | ||
706 | dummy.remove_wire_data.len); | ||
707 | memcpy(&dummy.id.body, &dummy_id, dummy.id.len); | ||
708 | |||
709 | blob_len = pack(blob, sizeof(blob), &dummy); | ||
710 | assert(blob_len != 0); | ||
711 | |||
712 | if (blob_len > len) { | ||
713 | memcpy(ptr, blob, len); | ||
714 | return (len); | ||
715 | } | ||
716 | |||
717 | memcpy(ptr, blob, blob_len); | ||
718 | |||
719 | return (blob_len); | ||
720 | } | ||
721 | |||
722 | size_t | ||
723 | LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, | ||
724 | unsigned int seed) NO_MSAN | ||
725 | { | ||
726 | struct param p; | ||
727 | uint8_t blob[16384]; | ||
728 | size_t blob_len; | ||
729 | |||
730 | memset(&p, 0, sizeof(p)); | ||
731 | |||
732 | if (unpack(data, size, &p) < 0) | ||
733 | return (pack_dummy(data, maxsize)); | ||
734 | |||
735 | p.seed = (int)seed; | ||
736 | |||
737 | mutate_blob(&p.id); | ||
738 | mutate_blob(&p.info_wire_data); | ||
739 | mutate_blob(&p.enroll_wire_data); | ||
740 | mutate_blob(&p.list_wire_data); | ||
741 | mutate_blob(&p.set_name_wire_data); | ||
742 | mutate_blob(&p.remove_wire_data); | ||
743 | |||
744 | mutate_string(p.pin); | ||
745 | mutate_string(p.name); | ||
746 | |||
747 | blob_len = pack(blob, sizeof(blob), &p); | ||
748 | |||
749 | if (blob_len == 0 || blob_len > maxsize) | ||
750 | return (0); | ||
751 | |||
752 | memcpy(data, blob, blob_len); | ||
753 | |||
754 | return (blob_len); | ||
755 | } | ||
diff --git a/fuzz/fuzz_cred.c b/fuzz/fuzz_cred.c
new file mode 100644
index 0000000..7bd1d3c
--- /dev/null
+++ b/fuzz/fuzz_cred.c | |||
@@ -0,0 +1,925 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #include <assert.h> | ||
8 | #include <stdint.h> | ||
9 | #include <stdlib.h> | ||
10 | #include <string.h> | ||
11 | #include <stdio.h> | ||
12 | |||
13 | #include "mutator_aux.h" | ||
14 | #include "fido.h" | ||
15 | |||
16 | #include "../openbsd-compat/openbsd-compat.h" | ||
17 | |||
18 | #define TAG_U2F 0x01 | ||
19 | #define TAG_TYPE 0x02 | ||
20 | #define TAG_CDH 0x03 | ||
21 | #define TAG_RP_ID 0x04 | ||
22 | #define TAG_RP_NAME 0x05 | ||
23 | #define TAG_USER_ID 0x06 | ||
24 | #define TAG_USER_NAME 0x07 | ||
25 | #define TAG_USER_NICK 0x08 | ||
26 | #define TAG_USER_ICON 0x09 | ||
27 | #define TAG_EXT 0x0a | ||
28 | #define TAG_SEED 0x0b | ||
29 | #define TAG_RK 0x0c | ||
30 | #define TAG_UV 0x0d | ||
31 | #define TAG_PIN 0x0e | ||
32 | #define TAG_WIRE_DATA 0x0f | ||
33 | #define TAG_EXCL_COUNT 0x10 | ||
34 | #define TAG_EXCL_CRED 0x11 | ||
35 | |||
36 | /* Parameter set defining a FIDO2 make credential operation. */ | ||
37 | struct param { | ||
38 | char pin[MAXSTR]; | ||
39 | char rp_id[MAXSTR]; | ||
40 | char rp_name[MAXSTR]; | ||
41 | char user_icon[MAXSTR]; | ||
42 | char user_name[MAXSTR]; | ||
43 | char user_nick[MAXSTR]; | ||
44 | int ext; | ||
45 | int seed; | ||
46 | struct blob cdh; | ||
47 | struct blob excl_cred; | ||
48 | struct blob user_id; | ||
49 | struct blob wire_data; | ||
50 | uint8_t excl_count; | ||
51 | uint8_t rk; | ||
52 | uint8_t type; | ||
53 | uint8_t u2f; | ||
54 | uint8_t uv; | ||
55 | }; | ||
56 | |||
57 | /* Example parameters. */ | ||
58 | static const char dummy_rp_id[] = "localhost"; | ||
59 | static const char dummy_rp_name[] = "sweet home localhost"; | ||
60 | static const char dummy_pin[] = "9}4gT:8d=A37Dh}U"; | ||
61 | static const char dummy_user_icon[] = "an icon"; | ||
62 | static const char dummy_user_name[] = "john smith"; | ||
63 | static const char dummy_user_nick[] = "jsmith"; | ||
64 | |||
65 | static const uint8_t dummy_cdh[] = { | ||
66 | 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb, | ||
67 | 0xdd, 0xd7, 0xfb, 0x06, 0x37, 0x62, 0xea, 0x26, | ||
68 | 0x20, 0x44, 0x8e, 0x69, 0x7c, 0x03, 0xf2, 0x31, | ||
69 | 0x2f, 0x99, 0xdc, 0xaf, 0x3e, 0x8a, 0x91, 0x6b, | ||
70 | }; | ||
71 | |||
72 | static const uint8_t dummy_user_id[] = { | ||
73 | 0x78, 0x1c, 0x78, 0x60, 0xad, 0x88, 0xd2, 0x63, | ||
74 | 0x32, 0x62, 0x2a, 0xf1, 0x74, 0x5d, 0xed, 0xb2, | ||
75 | 0xe7, 0xa4, 0x2b, 0x44, 0x89, 0x29, 0x39, 0xc5, | ||
76 | 0x56, 0x64, 0x01, 0x27, 0x0d, 0xbb, 0xc4, 0x49, | ||
77 | }; | ||
78 | |||
79 | /* | ||
80 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
81 | * make credential using the example parameters above. | ||
82 | */ | ||
83 | static const uint8_t dummy_wire_data_fido[] = { | ||
84 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xb0, | ||
85 | 0x84, 0xeb, 0xec, 0x4d, 0x97, 0x72, 0x09, 0x00, | ||
86 | 0x91, 0x00, 0x03, 0x02, 0x05, 0x00, 0x02, 0x05, | ||
87 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
88 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
89 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
90 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
91 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
92 | 0x00, 0x91, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00, | ||
93 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
94 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x69, 0xf2, 0x7d, | ||
95 | 0x37, 0x57, 0xda, 0x11, 0xba, 0x42, 0xde, 0x79, | ||
96 | 0xe4, 0xab, 0x8d, 0x73, 0x63, 0xee, 0x66, 0x9e, | ||
97 | 0x8a, 0x70, 0xa9, 0xb5, 0xf6, 0x38, 0x4f, 0x5b, | ||
98 | 0xdf, 0xe1, 0xa0, 0xa4, 0xff, 0x22, 0x58, 0x20, | ||
99 | 0x8a, 0xcb, 0x23, 0x2e, 0x93, 0xdb, 0xe0, 0xa4, | ||
100 | 0x00, 0x91, 0x00, 0x03, 0x00, 0xbb, 0xb5, 0x60, | ||
101 | 0x19, 0x18, 0x8b, 0x4d, 0xb8, 0x88, 0x6e, 0x13, | ||
102 | 0x75, 0xac, 0x00, 0x19, 0x27, 0x80, 0xcc, 0x63, | ||
103 | 0xc4, 0xbf, 0xfe, 0x4b, 0x4a, 0x00, 0x00, 0x00, | ||
104 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
105 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
106 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
107 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
108 | 0x00, 0x91, 0x00, 0x03, 0x90, 0x00, 0x14, 0x00, | ||
109 | 0xa1, 0x02, 0x50, 0x10, 0x89, 0x77, 0x43, 0x3a, | ||
110 | 0x58, 0xa2, 0xc9, 0x98, 0x18, 0x1a, 0xb1, 0xcc, | ||
111 | 0x09, 0x6b, 0xd0, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
112 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
113 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
114 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
115 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
116 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
117 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
118 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
119 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
120 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
121 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
122 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
123 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
124 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
125 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
126 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
127 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
128 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
129 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
130 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
131 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
132 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
133 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
134 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
135 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
136 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
137 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
138 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
139 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
140 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
141 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
142 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
143 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
144 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
145 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
146 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
147 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
148 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
149 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
150 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
151 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
152 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
153 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
154 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
155 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
156 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
157 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
158 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
159 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
160 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
161 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
162 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
163 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
164 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
165 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
166 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
167 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
168 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
169 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
170 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
171 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
172 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
173 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
174 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
175 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
176 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
177 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
178 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
179 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
180 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
181 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
182 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
183 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
184 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
185 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
186 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
187 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
188 | 0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02, | ||
189 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
190 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
191 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
192 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
193 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
194 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
195 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
196 | 0x00, 0x91, 0x00, 0x03, 0x90, 0x03, 0xe1, 0x00, | ||
197 | 0xa3, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, | ||
198 | 0x64, 0x02, 0x58, 0xc4, 0x49, 0x96, 0x0d, 0xe5, | ||
199 | 0x88, 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, | ||
200 | 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, | ||
201 | 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, | ||
202 | 0x83, 0x1d, 0x97, 0x63, 0x45, 0x00, 0x00, 0x00, | ||
203 | 0x00, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, | ||
204 | 0x00, 0x91, 0x00, 0x03, 0x00, 0x15, 0x80, 0x06, | ||
205 | 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, | ||
206 | 0xed, 0x88, 0x48, 0xa1, 0xdb, 0x56, 0x4d, 0x0f, | ||
207 | 0x0d, 0xc8, 0x8f, 0x0f, 0xe9, 0x16, 0xb1, 0x78, | ||
208 | 0xa9, 0x40, 0x98, 0x71, 0xa0, 0xb3, 0xf2, 0xcf, | ||
209 | 0x05, 0x73, 0x6c, 0x12, 0xbf, 0x00, 0x96, 0xf3, | ||
210 | 0x7b, 0x93, 0xba, 0x49, 0xee, 0x23, 0xb4, 0x78, | ||
211 | 0x2e, 0xfb, 0xce, 0x27, 0xa8, 0xc2, 0x26, 0x78, | ||
212 | 0x00, 0x91, 0x00, 0x03, 0x01, 0xcc, 0x95, 0x2d, | ||
213 | 0x40, 0xdb, 0xd1, 0x40, 0x3d, 0x2b, 0xa3, 0x31, | ||
214 | 0xa0, 0x75, 0x82, 0x63, 0xf0, 0xa5, 0x01, 0x02, | ||
215 | 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x9d, | ||
216 | 0x95, 0xa1, 0xb5, 0xd6, 0x11, 0xbf, 0xe2, 0x28, | ||
217 | 0xa0, 0x7f, 0xca, 0x1e, 0xd9, 0x09, 0x0f, 0x0d, | ||
218 | 0xe7, 0x8e, 0x29, 0xe8, 0x2e, 0x11, 0xdb, 0x55, | ||
219 | 0x62, 0x13, 0xd7, 0x26, 0xc2, 0x7e, 0x2b, 0x22, | ||
220 | 0x00, 0x91, 0x00, 0x03, 0x02, 0x58, 0x20, 0xbe, | ||
221 | 0x74, 0x2a, 0xac, 0xde, 0x11, 0x40, 0x76, 0x31, | ||
222 | 0x0b, 0xed, 0x55, 0xde, 0xf3, 0x03, 0xe4, 0x1c, | ||
223 | 0xac, 0x42, 0x63, 0x8f, 0xe8, 0x30, 0x63, 0xb7, | ||
224 | 0x07, 0x4e, 0x5d, 0xfb, 0x17, 0x5e, 0x9b, 0x03, | ||
225 | 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, | ||
226 | 0x69, 0x67, 0x58, 0x48, 0x30, 0x46, 0x02, 0x21, | ||
227 | 0x00, 0xfb, 0xd1, 0x26, 0x76, 0x34, 0x74, 0xac, | ||
228 | 0x00, 0x91, 0x00, 0x03, 0x03, 0xf6, 0xd8, 0x5c, | ||
229 | 0x5d, 0xbc, 0xda, 0xe0, 0x43, 0xe0, 0xa5, 0x42, | ||
230 | 0x9f, 0xc7, 0xe2, 0x18, 0x3e, 0xe2, 0x2c, 0x94, | ||
231 | 0x78, 0xbf, 0x9c, 0xeb, 0x3e, 0x9d, 0x02, 0x21, | ||
232 | 0x00, 0xab, 0x21, 0x1b, 0xc4, 0x30, 0x69, 0xee, | ||
233 | 0x7f, 0x09, 0xe6, 0x6b, 0x99, 0x98, 0x34, 0x07, | ||
234 | 0x7b, 0x9a, 0x58, 0xb2, 0xe8, 0x77, 0xe0, 0xba, | ||
235 | 0x7d, 0xab, 0x65, 0xf8, 0xba, 0x2a, 0xcb, 0x9a, | ||
236 | 0x00, 0x91, 0x00, 0x03, 0x04, 0x41, 0x63, 0x78, | ||
237 | 0x35, 0x63, 0x81, 0x59, 0x02, 0xb3, 0x30, 0x82, | ||
238 | 0x02, 0xaf, 0x30, 0x82, 0x01, 0x97, 0xa0, 0x03, | ||
239 | 0x02, 0x01, 0x02, 0x02, 0x04, 0x48, 0x5b, 0x3d, | ||
240 | 0xb6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, | ||
241 | 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, | ||
242 | 0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, | ||
243 | 0x55, 0x04, 0x03, 0x0c, 0x16, 0x59, 0x75, 0x62, | ||
244 | 0x00, 0x91, 0x00, 0x03, 0x05, 0x69, 0x63, 0x6f, | ||
245 | 0x20, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x50, 0x72, | ||
246 | 0x65, 0x76, 0x69, 0x65, 0x77, 0x20, 0x43, 0x41, | ||
247 | 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x34, | ||
248 | 0x31, 0x32, 0x31, 0x30, 0x35, 0x37, 0x31, 0x30, | ||
249 | 0x5a, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x32, 0x33, | ||
250 | 0x31, 0x31, 0x30, 0x35, 0x37, 0x31, 0x30, 0x5a, | ||
251 | 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, | ||
252 | 0x00, 0x91, 0x00, 0x03, 0x06, 0x55, 0x04, 0x06, | ||
253 | 0x13, 0x02, 0x53, 0x45, 0x31, 0x12, 0x30, 0x10, | ||
254 | 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x59, | ||
255 | 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x41, 0x42, | ||
256 | 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, | ||
257 | 0x0b, 0x0c, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65, | ||
258 | 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72, | ||
259 | 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, | ||
260 | 0x00, 0x91, 0x00, 0x03, 0x07, 0x74, 0x69, 0x6f, | ||
261 | 0x6e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, | ||
262 | 0x04, 0x03, 0x0c, 0x1f, 0x59, 0x75, 0x62, 0x69, | ||
263 | 0x63, 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x45, | ||
264 | 0x45, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, | ||
265 | 0x20, 0x31, 0x32, 0x31, 0x33, 0x39, 0x33, 0x39, | ||
266 | 0x31, 0x32, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, | ||
267 | 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, | ||
268 | 0x00, 0x91, 0x00, 0x03, 0x08, 0x06, 0x08, 0x2a, | ||
269 | 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, | ||
270 | 0x42, 0x00, 0x04, 0xfb, 0x2c, 0xdd, 0x30, 0x43, | ||
271 | 0x28, 0xc5, 0x72, 0x4a, 0x50, 0xcc, 0xe6, 0xf6, | ||
272 | 0x0b, 0xad, 0x7d, 0x27, 0xa9, 0x1b, 0x59, 0xe1, | ||
273 | 0xe6, 0x6f, 0x29, 0x7b, 0x89, 0xc9, 0xd4, 0x3d, | ||
274 | 0xc2, 0xb2, 0xc7, 0x78, 0x89, 0xb4, 0xf0, 0xff, | ||
275 | 0x9d, 0x02, 0x28, 0xcb, 0x94, 0x6d, 0xfc, 0xe0, | ||
276 | 0x00, 0x91, 0x00, 0x03, 0x09, 0x1b, 0x19, 0x58, | ||
277 | 0x9b, 0x67, 0x80, 0x4a, 0xac, 0x97, 0x7f, 0x28, | ||
278 | 0x18, 0x9c, 0xcd, 0xb3, 0x25, 0x74, 0xca, 0x28, | ||
279 | 0xa3, 0x6c, 0x30, 0x6a, 0x30, 0x22, 0x06, 0x09, | ||
280 | 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xc4, 0x0a, | ||
281 | 0x02, 0x04, 0x15, 0x31, 0x2e, 0x33, 0x2e, 0x36, | ||
282 | 0x2e, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x2e, 0x34, | ||
283 | 0x31, 0x34, 0x38, 0x32, 0x2e, 0x31, 0x2e, 0x36, | ||
284 | 0x00, 0x91, 0x00, 0x03, 0x0a, 0x30, 0x13, 0x06, | ||
285 | 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xe5, | ||
286 | 0x1c, 0x02, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, | ||
287 | 0x04, 0x30, 0x30, 0x21, 0x06, 0x0b, 0x2b, 0x06, | ||
288 | 0x01, 0x04, 0x01, 0x82, 0xe5, 0x1c, 0x01, 0x01, | ||
289 | 0x04, 0x04, 0x12, 0x04, 0x10, 0xf8, 0xa0, 0x11, | ||
290 | 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, | ||
291 | 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x30, 0x0c, 0x06, | ||
292 | 0x00, 0x91, 0x00, 0x03, 0x0b, 0x03, 0x55, 0x1d, | ||
293 | 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, | ||
294 | 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, | ||
295 | 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, | ||
296 | 0x82, 0x01, 0x01, 0x00, 0x32, 0xf3, 0xe4, 0xbd, | ||
297 | 0x58, 0xd7, 0x42, 0x2b, 0xaf, 0x49, 0x99, 0x86, | ||
298 | 0x08, 0x1f, 0x0d, 0xa9, 0x3b, 0xc6, 0xaa, 0x1c, | ||
299 | 0x72, 0x11, 0xf9, 0x28, 0x53, 0xeb, 0xf3, 0xeb, | ||
300 | 0x00, 0x91, 0x00, 0x03, 0x0c, 0x73, 0xda, 0x69, | ||
301 | 0x3b, 0x06, 0xde, 0x31, 0x33, 0x8e, 0x5d, 0x02, | ||
302 | 0xec, 0xf6, 0x76, 0xe9, 0x5c, 0x42, 0xbe, 0xa5, | ||
303 | 0x8f, 0x25, 0xd3, 0x37, 0x3f, 0x77, 0xbb, 0x2a, | ||
304 | 0x9d, 0x7c, 0xb2, 0x3e, 0x11, 0x8c, 0x41, 0xd4, | ||
305 | 0x9a, 0x4c, 0x9a, 0xd8, 0xf3, 0xe2, 0xa4, 0xec, | ||
306 | 0x01, 0x77, 0x7a, 0x74, 0xa8, 0xc4, 0x12, 0x43, | ||
307 | 0xc3, 0x1e, 0xce, 0x20, 0x8f, 0x2d, 0x0f, 0x6e, | ||
308 | 0x00, 0x91, 0x00, 0x03, 0x0d, 0xbc, 0x61, 0x9b, | ||
309 | 0xe1, 0x84, 0xa1, 0x72, 0xf6, 0xa9, 0xac, 0xcb, | ||
310 | 0xf8, 0x73, 0x6d, 0x5b, 0xe2, 0x98, 0xb3, 0x6b, | ||
311 | 0xec, 0xe7, 0x1e, 0x77, 0x8d, 0x0a, 0x69, 0xaa, | ||
312 | 0xf9, 0x94, 0xb8, 0x63, 0x6d, 0xe8, 0xfa, 0xf6, | ||
313 | 0x2f, 0xd3, 0xce, 0x7f, 0x04, 0x4c, 0x32, 0x2c, | ||
314 | 0xf7, 0x26, 0x3e, 0x34, 0x99, 0xe6, 0xa5, 0xb2, | ||
315 | 0xb0, 0x2a, 0xbb, 0xad, 0x5b, 0xd9, 0xec, 0xe5, | ||
316 | 0x00, 0x91, 0x00, 0x03, 0x0e, 0xb0, 0x71, 0x4d, | ||
317 | 0x73, 0xbb, 0x94, 0x61, 0x49, 0x9c, 0x94, 0x2a, | ||
318 | 0x5f, 0x1d, 0xcc, 0xaf, 0x65, 0x03, 0x3b, 0x39, | ||
319 | 0x39, 0xd4, 0x47, 0xd9, 0xfc, 0xc4, 0x7b, 0x0b, | ||
320 | 0x16, 0xd8, 0xe9, 0x01, 0xfc, 0xec, 0x3f, 0x8c, | ||
321 | 0x1b, 0xc0, 0xc6, 0xac, 0x0b, 0x5d, 0x74, 0xc7, | ||
322 | 0xbb, 0x03, 0x05, 0x69, 0x17, 0xe9, 0x98, 0x1a, | ||
323 | 0x19, 0xb9, 0x09, 0x5c, 0xa1, 0xf4, 0xab, 0x9f, | ||
324 | 0x00, 0x91, 0x00, 0x03, 0x0f, 0x02, 0x7c, 0x28, | ||
325 | 0x0f, 0x8a, 0xf9, 0xed, 0x1d, 0x29, 0x3c, 0xf6, | ||
326 | 0xcc, 0x2f, 0x04, 0x6d, 0x9a, 0xd6, 0x62, 0xb4, | ||
327 | 0xa9, 0x6e, 0xb1, 0xca, 0xca, 0xac, 0x5e, 0x05, | ||
328 | 0x3e, 0x83, 0x91, 0x47, 0x7c, 0x1f, 0x8b, 0x60, | ||
329 | 0x01, 0xde, 0x65, 0x3a, 0xbf, 0xf2, 0xaa, 0xbb, | ||
330 | 0x55, 0x98, 0x86, 0x91, 0x7e, 0xad, 0x3b, 0x36, | ||
331 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
332 | }; | ||
333 | |||
334 | /* | ||
335 | * Collection of HID reports from an authenticator issued with a U2F | ||
336 | * registration using the example parameters above. | ||
337 | */ | ||
338 | static const uint8_t dummy_wire_data_u2f[] = { | ||
339 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x8e, | ||
340 | 0x80, 0xd0, 0xe2, 0x3b, 0x24, 0x93, 0xea, 0x00, | ||
341 | 0x00, 0x99, 0x01, 0x02, 0x01, 0x01, 0x00, 0x01, | ||
342 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
343 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
344 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
345 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
346 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
347 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
348 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
349 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
350 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
351 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
352 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
353 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
354 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
355 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
356 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
357 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
358 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
359 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
360 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
361 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
362 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
363 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
364 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
365 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
366 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
367 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
368 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
369 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
370 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
371 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
372 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
373 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
374 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
375 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
376 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
377 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
378 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
379 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
380 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
381 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
382 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
383 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
384 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
385 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
386 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
387 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
388 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
389 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
390 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
391 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
392 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
393 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
394 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
395 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
396 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
397 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
398 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
399 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
400 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
401 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
402 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
403 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
404 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
405 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
406 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
407 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
408 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
409 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
410 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
411 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
412 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
413 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
414 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
415 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
416 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
417 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
418 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
419 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
420 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
421 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
422 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
423 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
424 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
425 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
426 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
427 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
428 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
429 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
430 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
431 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
432 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
433 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
434 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
435 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
436 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
437 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
438 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
439 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
440 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
441 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
442 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
443 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
444 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
445 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
446 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
447 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
448 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
449 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
450 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
451 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
452 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
453 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
454 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
455 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
456 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
457 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
458 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
459 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
460 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
461 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
462 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
463 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
464 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
465 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
466 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
467 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
468 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
469 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
470 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
471 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
472 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
473 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
474 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
475 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
476 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
477 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
478 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
479 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
480 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
481 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
482 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
483 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
484 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
485 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
486 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
487 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
488 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
489 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
490 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
491 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
492 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
493 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
494 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
495 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
496 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
497 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
498 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
499 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
500 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
501 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
502 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
503 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
504 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
505 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
506 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
507 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, | ||
508 | 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
509 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
510 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
511 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
512 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
513 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
514 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
515 | 0x00, 0x00, 0x99, 0x01, 0x83, 0x03, 0x1e, 0x05, | ||
516 | 0x04, 0x9f, 0xa0, 0xf9, 0x0d, 0x4c, 0xf4, 0xae, | ||
517 | 0x96, 0x3c, 0xb7, 0x46, 0xb7, 0x5c, 0x9d, 0x8b, | ||
518 | 0x48, 0x19, 0xdf, 0xc4, 0xad, 0xea, 0xb2, 0x70, | ||
519 | 0x58, 0x72, 0xd9, 0xce, 0x75, 0xf5, 0xe6, 0x8e, | ||
520 | 0x0f, 0x9c, 0x0e, 0x2e, 0x62, 0x3e, 0x91, 0xd3, | ||
521 | 0x7b, 0x97, 0x46, 0x60, 0xb9, 0x57, 0x13, 0x97, | ||
522 | 0x26, 0xae, 0x0f, 0xb3, 0x8f, 0x2e, 0x9b, 0x3f, | ||
523 | 0x00, 0x00, 0x99, 0x01, 0x00, 0xa5, 0x55, 0xec, | ||
524 | 0x8c, 0x25, 0x7c, 0x65, 0xb7, 0x09, 0x40, 0x48, | ||
525 | 0xae, 0xa8, 0xcb, 0xa1, 0x91, 0xac, 0x40, 0x24, | ||
526 | 0xf2, 0x34, 0x6e, 0x3a, 0x8f, 0xa5, 0xb7, 0x48, | ||
527 | 0x54, 0x6e, 0xfb, 0xf4, 0x37, 0x88, 0x69, 0x79, | ||
528 | 0x6f, 0x12, 0xc1, 0x32, 0xdf, 0x15, 0x5d, 0x6e, | ||
529 | 0x82, 0x54, 0xc0, 0x6e, 0x56, 0x4f, 0x3a, 0x9c, | ||
530 | 0xc3, 0x96, 0x7a, 0xde, 0xa5, 0xfe, 0xec, 0xd1, | ||
531 | 0x00, 0x00, 0x99, 0x01, 0x01, 0x5a, 0x21, 0x85, | ||
532 | 0x0e, 0x25, 0x7b, 0x8d, 0x6e, 0x1d, 0x32, 0x29, | ||
533 | 0xdb, 0x21, 0xb0, 0xa3, 0x30, 0x82, 0x02, 0x4f, | ||
534 | 0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01, | ||
535 | 0x02, 0x02, 0x04, 0x2a, 0xd9, 0x6a, 0xf3, 0x30, | ||
536 | 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, | ||
537 | 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x2e, | ||
538 | 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, | ||
539 | 0x00, 0x00, 0x99, 0x01, 0x02, 0x03, 0x13, 0x23, | ||
540 | 0x59, 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, | ||
541 | 0x32, 0x46, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, | ||
542 | 0x43, 0x41, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61, | ||
543 | 0x6c, 0x20, 0x34, 0x35, 0x37, 0x32, 0x30, 0x30, | ||
544 | 0x36, 0x33, 0x31, 0x30, 0x20, 0x17, 0x0d, 0x31, | ||
545 | 0x34, 0x30, 0x38, 0x30, 0x31, 0x30, 0x30, 0x30, | ||
546 | 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, | ||
547 | 0x00, 0x00, 0x99, 0x01, 0x03, 0x35, 0x30, 0x30, | ||
548 | 0x39, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x30, | ||
549 | 0x30, 0x5a, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d, | ||
550 | 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x59, | ||
551 | 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, 0x32, | ||
552 | 0x46, 0x20, 0x45, 0x45, 0x20, 0x53, 0x65, 0x72, | ||
553 | 0x69, 0x61, 0x6c, 0x20, 0x32, 0x33, 0x39, 0x32, | ||
554 | 0x35, 0x37, 0x33, 0x34, 0x35, 0x31, 0x36, 0x35, | ||
555 | 0x00, 0x00, 0x99, 0x01, 0x04, 0x35, 0x30, 0x33, | ||
556 | 0x38, 0x37, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, | ||
557 | 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, | ||
558 | 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, | ||
559 | 0x07, 0x03, 0x42, 0x00, 0x04, 0x2f, 0xe1, 0xa2, | ||
560 | 0x3e, 0xbf, 0xa5, 0x5b, 0x3e, 0x46, 0x1d, 0x59, | ||
561 | 0xa4, 0x35, 0x22, 0xd7, 0x97, 0x48, 0x98, 0x1c, | ||
562 | 0xba, 0x6d, 0x28, 0x9a, 0x98, 0xf1, 0xbd, 0x7d, | ||
563 | 0x00, 0x00, 0x99, 0x01, 0x05, 0xff, 0x65, 0x66, | ||
564 | 0x80, 0xdb, 0xbb, 0xed, 0xbc, 0x2b, 0xae, 0x60, | ||
565 | 0x7e, 0x6e, 0xf7, 0x72, 0xf5, 0x76, 0xb0, 0x4d, | ||
566 | 0x54, 0xc4, 0xe5, 0xf3, 0x2f, 0x59, 0x6f, 0x26, | ||
567 | 0xe6, 0x11, 0x15, 0xc7, 0x27, 0x2c, 0xf6, 0xca, | ||
568 | 0x75, 0x94, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x22, | ||
569 | 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, | ||
570 | 0xc4, 0x0a, 0x02, 0x04, 0x15, 0x31, 0x2e, 0x33, | ||
571 | 0x00, 0x00, 0x99, 0x01, 0x06, 0x2e, 0x36, 0x2e, | ||
572 | 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x2e, 0x34, 0x31, | ||
573 | 0x34, 0x38, 0x32, 0x2e, 0x31, 0x2e, 0x32, 0x30, | ||
574 | 0x13, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, | ||
575 | 0x82, 0xe5, 0x1c, 0x02, 0x01, 0x01, 0x04, 0x04, | ||
576 | 0x03, 0x02, 0x04, 0x30, 0x30, 0x0d, 0x06, 0x09, | ||
577 | 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, | ||
578 | 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, | ||
579 | 0x00, 0x00, 0x99, 0x01, 0x07, 0x85, 0x6a, 0xfa, | ||
580 | 0x8b, 0xcf, 0x4f, 0x3f, 0x62, 0x5f, 0x29, 0x1b, | ||
581 | 0xc1, 0x15, 0x8e, 0x3c, 0x7e, 0xbd, 0x25, 0x52, | ||
582 | 0xbc, 0xf7, 0x57, 0x07, 0x53, 0xf5, 0x12, 0x1d, | ||
583 | 0xa6, 0xa5, 0x4d, 0x24, 0xcc, 0xcf, 0xae, 0x27, | ||
584 | 0xce, 0xd6, 0xab, 0x31, 0x12, 0x8c, 0x29, 0x7e, | ||
585 | 0x5b, 0x5b, 0x89, 0x05, 0xdd, 0xa0, 0x20, 0x17, | ||
586 | 0x93, 0x1f, 0x1f, 0x5f, 0x59, 0x25, 0x93, 0x59, | ||
587 | 0x00, 0x00, 0x99, 0x01, 0x08, 0x51, 0xfc, 0x00, | ||
588 | 0x4b, 0xcb, 0xe2, 0x0a, 0xdd, 0x7d, 0x8d, 0x05, | ||
589 | 0x2f, 0x95, 0x43, 0xb3, 0x49, 0x6c, 0x15, 0xb8, | ||
590 | 0x31, 0x0e, 0x10, 0xcb, 0xd9, 0xbb, 0x05, 0x38, | ||
591 | 0x27, 0x4f, 0x58, 0x3e, 0xad, 0x1f, 0x45, 0x12, | ||
592 | 0x88, 0xc3, 0xea, 0x76, 0xd0, 0x70, 0xad, 0x44, | ||
593 | 0xe5, 0x3a, 0xfe, 0xa8, 0xf2, 0x2d, 0x1f, 0x73, | ||
594 | 0x62, 0x5f, 0xf2, 0xd5, 0x89, 0xfe, 0x30, 0xdf, | ||
595 | 0x00, 0x00, 0x99, 0x01, 0x09, 0x26, 0x62, 0xcb, | ||
596 | 0x7c, 0xbb, 0x7c, 0x99, 0x61, 0x80, 0xad, 0xcf, | ||
597 | 0xa9, 0x8a, 0x4d, 0x01, 0x2c, 0xf3, 0x13, 0x46, | ||
598 | 0xcd, 0x11, 0x74, 0x6a, 0x58, 0x48, 0xe8, 0xbe, | ||
599 | 0xed, 0xf3, 0xe3, 0x0c, 0xcb, 0xd9, 0xc1, 0xdd, | ||
600 | 0x22, 0x16, 0x71, 0xb2, 0x83, 0x88, 0x61, 0xf6, | ||
601 | 0x5a, 0x45, 0x36, 0x23, 0xb5, 0x18, 0xd5, 0x56, | ||
602 | 0x7f, 0xa8, 0xf0, 0xa3, 0xce, 0x10, 0x5d, 0xf4, | ||
603 | 0x00, 0x00, 0x99, 0x01, 0x0a, 0xf1, 0x39, 0x53, | ||
604 | 0xe1, 0x14, 0xea, 0x59, 0xe0, 0xa7, 0xf2, 0xfe, | ||
605 | 0x66, 0x88, 0x67, 0x43, 0x2e, 0x52, 0xfd, 0x6a, | ||
606 | 0x2f, 0x64, 0xf7, 0x3c, 0x48, 0xcd, 0x9b, 0x38, | ||
607 | 0xf2, 0xdf, 0xba, 0x2c, 0x7a, 0x4b, 0x3b, 0x11, | ||
608 | 0x28, 0xdf, 0x26, 0xd6, 0x6a, 0x24, 0xf8, 0x95, | ||
609 | 0xdd, 0xa0, 0xb6, 0x11, 0x80, 0xf4, 0x14, 0x4f, | ||
610 | 0x6b, 0x70, 0x75, 0xc3, 0x18, 0xa4, 0x9a, 0xe0, | ||
611 | 0x00, 0x00, 0x99, 0x01, 0x0b, 0x8b, 0x58, 0xd3, | ||
612 | 0x6a, 0xdb, 0x1e, 0x30, 0x53, 0x67, 0x2b, 0x17, | ||
613 | 0xc5, 0xa1, 0x9f, 0x7f, 0x0a, 0x22, 0xf1, 0x0e, | ||
614 | 0x94, 0x30, 0x44, 0x02, 0x20, 0x07, 0x5c, 0x4f, | ||
615 | 0xd2, 0x83, 0xb6, 0x9f, 0x0a, 0x4a, 0x4d, 0x4b, | ||
616 | 0x08, 0x35, 0xeb, 0xc0, 0x7e, 0x4a, 0x14, 0x2e, | ||
617 | 0xc7, 0x8c, 0xd6, 0x64, 0x2f, 0xd3, 0x1e, 0xcc, | ||
618 | 0xb5, 0xe8, 0x42, 0xea, 0xf6, 0x02, 0x20, 0x6b, | ||
619 | 0x00, 0x00, 0x99, 0x01, 0x0c, 0x5a, 0xba, 0x4a, | ||
620 | 0xc8, 0xd7, 0x89, 0xcc, 0x77, 0xe6, 0xb9, 0xa3, | ||
621 | 0x34, 0xea, 0x06, 0x85, 0x72, 0xc6, 0x28, 0xa8, | ||
622 | 0x7a, 0xaa, 0x19, 0x88, 0x34, 0xbb, 0xdc, 0x64, | ||
623 | 0x90, 0x0a, 0xdb, 0x39, 0x90, 0x00, 0x00, 0x00, | ||
624 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
625 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
626 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
627 | }; | ||
628 | |||
629 | int LLVMFuzzerTestOneInput(const uint8_t *, size_t); | ||
630 | size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); | ||
631 | |||
632 | static int | ||
633 | unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN | ||
634 | { | ||
635 | uint8_t **pp = (void *)&ptr; | ||
636 | |||
637 | if (unpack_byte(TAG_RK, pp, &len, &p->rk) < 0 || | ||
638 | unpack_byte(TAG_TYPE, pp, &len, &p->type) < 0 || | ||
639 | unpack_byte(TAG_U2F, pp, &len, &p->u2f) < 0 || | ||
640 | unpack_byte(TAG_UV, pp, &len, &p->uv) < 0 || | ||
641 | unpack_byte(TAG_EXCL_COUNT, pp, &len, &p->excl_count) < 0 || | ||
642 | unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || | ||
643 | unpack_string(TAG_RP_ID, pp, &len, p->rp_id) < 0 || | ||
644 | unpack_string(TAG_RP_NAME, pp, &len, p->rp_name) < 0 || | ||
645 | unpack_string(TAG_USER_ICON, pp, &len, p->user_icon) < 0 || | ||
646 | unpack_string(TAG_USER_NAME, pp, &len, p->user_name) < 0 || | ||
647 | unpack_string(TAG_USER_NICK, pp, &len, p->user_nick) < 0 || | ||
648 | unpack_int(TAG_EXT, pp, &len, &p->ext) < 0 || | ||
649 | unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || | ||
650 | unpack_blob(TAG_CDH, pp, &len, &p->cdh) < 0 || | ||
651 | unpack_blob(TAG_USER_ID, pp, &len, &p->user_id) < 0 || | ||
652 | unpack_blob(TAG_WIRE_DATA, pp, &len, &p->wire_data) < 0 || | ||
653 | unpack_blob(TAG_EXCL_CRED, pp, &len, &p->excl_cred) < 0) | ||
654 | return (-1); | ||
655 | |||
656 | return (0); | ||
657 | } | ||
658 | |||
659 | static size_t | ||
660 | pack(uint8_t *ptr, size_t len, const struct param *p) | ||
661 | { | ||
662 | const size_t max = len; | ||
663 | |||
664 | if (pack_byte(TAG_RK, &ptr, &len, p->rk) < 0 || | ||
665 | pack_byte(TAG_TYPE, &ptr, &len, p->type) < 0 || | ||
666 | pack_byte(TAG_U2F, &ptr, &len, p->u2f) < 0 || | ||
667 | pack_byte(TAG_UV, &ptr, &len, p->uv) < 0 || | ||
668 | pack_byte(TAG_EXCL_COUNT, &ptr, &len, p->excl_count) < 0 || | ||
669 | pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || | ||
670 | pack_string(TAG_RP_ID, &ptr, &len, p->rp_id) < 0 || | ||
671 | pack_string(TAG_RP_NAME, &ptr, &len, p->rp_name) < 0 || | ||
672 | pack_string(TAG_USER_ICON, &ptr, &len, p->user_icon) < 0 || | ||
673 | pack_string(TAG_USER_NAME, &ptr, &len, p->user_name) < 0 || | ||
674 | pack_string(TAG_USER_NICK, &ptr, &len, p->user_nick) < 0 || | ||
675 | pack_int(TAG_EXT, &ptr, &len, p->ext) < 0 || | ||
676 | pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || | ||
677 | pack_blob(TAG_CDH, &ptr, &len, &p->cdh) < 0 || | ||
678 | pack_blob(TAG_USER_ID, &ptr, &len, &p->user_id) < 0 || | ||
679 | pack_blob(TAG_WIRE_DATA, &ptr, &len, &p->wire_data) < 0 || | ||
680 | pack_blob(TAG_EXCL_CRED, &ptr, &len, &p->excl_cred) < 0) | ||
681 | return (0); | ||
682 | |||
683 | return (max - len); | ||
684 | } | ||
685 | |||
686 | static void | ||
687 | make_cred(fido_cred_t *cred, uint8_t u2f, int type, const struct blob *cdh, | ||
688 | const char *rp_id, const char *rp_name, struct blob *user_id, | ||
689 | const char *user_name, const char *user_nick, const char *user_icon, | ||
690 | int ext, uint8_t rk, uint8_t uv, const char *pin, uint8_t excl_count, | ||
691 | struct blob *excl_cred) | ||
692 | { | ||
693 | fido_dev_t *dev; | ||
694 | fido_dev_io_t io; | ||
695 | |||
696 | io.open = dev_open; | ||
697 | io.close = dev_close; | ||
698 | io.read = dev_read; | ||
699 | io.write = dev_write; | ||
700 | |||
701 | if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev, | ||
702 | &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) { | ||
703 | fido_dev_free(&dev); | ||
704 | return; | ||
705 | } | ||
706 | |||
707 | if (u2f & 1) | ||
708 | fido_dev_force_u2f(dev); | ||
709 | |||
710 | for (uint8_t i = 0; i < excl_count; i++) | ||
711 | fido_cred_exclude(cred, excl_cred->body, excl_cred->len); | ||
712 | |||
713 | fido_cred_set_type(cred, type); | ||
714 | fido_cred_set_clientdata_hash(cred, cdh->body, cdh->len); | ||
715 | fido_cred_set_rp(cred, rp_id, rp_name); | ||
716 | fido_cred_set_user(cred, user_id->body, user_id->len, user_name, | ||
717 | user_nick, user_icon); | ||
718 | fido_cred_set_extensions(cred, ext); | ||
719 | if (rk & 1) | ||
720 | fido_cred_set_rk(cred, FIDO_OPT_TRUE); | ||
721 | if (uv & 1) | ||
722 | fido_cred_set_uv(cred, FIDO_OPT_TRUE); | ||
723 | |||
724 | fido_dev_make_cred(dev, cred, u2f & 1 ? NULL : pin); | ||
725 | |||
726 | fido_dev_cancel(dev); | ||
727 | fido_dev_close(dev); | ||
728 | fido_dev_free(&dev); | ||
729 | } | ||
730 | |||
731 | static void | ||
732 | verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, | ||
733 | const char *rp_id, const char *rp_name, const unsigned char *authdata_ptr, | ||
734 | size_t authdata_len, int ext, uint8_t rk, uint8_t uv, | ||
735 | const unsigned char *x5c_ptr, size_t x5c_len, const unsigned char *sig_ptr, | ||
736 | size_t sig_len, const char *fmt) | ||
737 | { | ||
738 | fido_cred_t *cred; | ||
739 | uint8_t flags; | ||
740 | |||
741 | if ((cred = fido_cred_new()) == NULL) { | ||
742 | warnx("%s: fido_cred_new", __func__); | ||
743 | return; | ||
744 | } | ||
745 | |||
746 | fido_cred_set_type(cred, type); | ||
747 | fido_cred_set_clientdata_hash(cred, cdh_ptr, cdh_len); | ||
748 | fido_cred_set_rp(cred, rp_id, rp_name); | ||
749 | if (fido_cred_set_authdata(cred, authdata_ptr, authdata_len) != FIDO_OK) | ||
750 | fido_cred_set_authdata_raw(cred, authdata_ptr, authdata_len); | ||
751 | fido_cred_set_extensions(cred, ext); | ||
752 | fido_cred_set_x509(cred, x5c_ptr, x5c_len); | ||
753 | fido_cred_set_sig(cred, sig_ptr, sig_len); | ||
754 | |||
755 | if (rk & 1) | ||
756 | fido_cred_set_rk(cred, FIDO_OPT_TRUE); | ||
757 | if (uv & 1) | ||
758 | fido_cred_set_uv(cred, FIDO_OPT_TRUE); | ||
759 | if (fmt) | ||
760 | fido_cred_set_fmt(cred, fmt); | ||
761 | |||
762 | fido_cred_verify(cred); | ||
763 | fido_cred_verify_self(cred); | ||
764 | |||
765 | consume(fido_cred_pubkey_ptr(cred), fido_cred_pubkey_len(cred)); | ||
766 | consume(fido_cred_id_ptr(cred), fido_cred_id_len(cred)); | ||
767 | consume(fido_cred_user_id_ptr(cred), fido_cred_user_id_len(cred)); | ||
768 | consume(fido_cred_user_name(cred), xstrlen(fido_cred_user_name(cred))); | ||
769 | consume(fido_cred_display_name(cred), | ||
770 | xstrlen(fido_cred_display_name(cred))); | ||
771 | |||
772 | flags = fido_cred_flags(cred); | ||
773 | consume(&flags, sizeof(flags)); | ||
774 | type = fido_cred_type(cred); | ||
775 | consume(&type, sizeof(type)); | ||
776 | |||
777 | fido_cred_free(&cred); | ||
778 | } | ||
779 | |||
780 | int | ||
781 | LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
782 | { | ||
783 | struct param p; | ||
784 | fido_cred_t *cred = NULL; | ||
785 | int cose_alg = 0; | ||
786 | |||
787 | memset(&p, 0, sizeof(p)); | ||
788 | |||
789 | if (unpack(data, size, &p) < 0) | ||
790 | return (0); | ||
791 | |||
792 | srandom((unsigned int)p.seed); | ||
793 | |||
794 | fido_init(0); | ||
795 | |||
796 | if ((cred = fido_cred_new()) == NULL) | ||
797 | return (0); | ||
798 | |||
799 | set_wire_data(p.wire_data.body, p.wire_data.len); | ||
800 | |||
801 | switch (p.type & 3) { | ||
802 | case 0: | ||
803 | cose_alg = COSE_ES256; | ||
804 | break; | ||
805 | case 1: | ||
806 | cose_alg = COSE_RS256; | ||
807 | break; | ||
808 | default: | ||
809 | cose_alg = COSE_EDDSA; | ||
810 | break; | ||
811 | } | ||
812 | |||
813 | make_cred(cred, p.u2f, cose_alg, &p.cdh, p.rp_id, p.rp_name, | ||
814 | &p.user_id, p.user_name, p.user_nick, p.user_icon, p.ext, p.rk, | ||
815 | p.uv, p.pin, p.excl_count, &p.excl_cred); | ||
816 | |||
817 | verify_cred(cose_alg, | ||
818 | fido_cred_clientdata_hash_ptr(cred), | ||
819 | fido_cred_clientdata_hash_len(cred), fido_cred_rp_id(cred), | ||
820 | fido_cred_rp_name(cred), fido_cred_authdata_ptr(cred), | ||
821 | fido_cred_authdata_len(cred), p.ext, p.rk, p.uv, | ||
822 | fido_cred_x5c_ptr(cred), fido_cred_x5c_len(cred), | ||
823 | fido_cred_sig_ptr(cred), fido_cred_sig_len(cred), | ||
824 | fido_cred_fmt(cred)); | ||
825 | |||
826 | fido_cred_free(&cred); | ||
827 | |||
828 | return (0); | ||
829 | } | ||
830 | |||
831 | static size_t | ||
832 | pack_dummy(uint8_t *ptr, size_t len) | ||
833 | { | ||
834 | struct param dummy; | ||
835 | uint8_t blob[16384]; | ||
836 | size_t blob_len; | ||
837 | |||
838 | memset(&dummy, 0, sizeof(dummy)); | ||
839 | |||
840 | dummy.type = 1; | ||
841 | dummy.ext = FIDO_EXT_HMAC_SECRET; | ||
842 | |||
843 | strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin)); | ||
844 | strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id)); | ||
845 | strlcpy(dummy.rp_name, dummy_rp_name, sizeof(dummy.rp_name)); | ||
846 | strlcpy(dummy.user_icon, dummy_user_icon, sizeof(dummy.user_icon)); | ||
847 | strlcpy(dummy.user_name, dummy_user_name, sizeof(dummy.user_name)); | ||
848 | strlcpy(dummy.user_nick, dummy_user_nick, sizeof(dummy.user_nick)); | ||
849 | |||
850 | dummy.cdh.len = sizeof(dummy_cdh); | ||
851 | dummy.user_id.len = sizeof(dummy_user_id); | ||
852 | dummy.wire_data.len = sizeof(dummy_wire_data_fido); | ||
853 | |||
854 | memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len); | ||
855 | memcpy(&dummy.user_id.body, &dummy_user_id, dummy.user_id.len); | ||
856 | memcpy(&dummy.wire_data.body, &dummy_wire_data_fido, | ||
857 | dummy.wire_data.len); | ||
858 | |||
859 | blob_len = pack(blob, sizeof(blob), &dummy); | ||
860 | assert(blob_len != 0); | ||
861 | |||
862 | if (blob_len > len) { | ||
863 | memcpy(ptr, blob, len); | ||
864 | return (len); | ||
865 | } | ||
866 | |||
867 | memcpy(ptr, blob, blob_len); | ||
868 | |||
869 | return (blob_len); | ||
870 | } | ||
871 | |||
872 | size_t | ||
873 | LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, | ||
874 | unsigned int seed) NO_MSAN | ||
875 | { | ||
876 | struct param p; | ||
877 | uint8_t blob[16384]; | ||
878 | size_t blob_len; | ||
879 | |||
880 | memset(&p, 0, sizeof(p)); | ||
881 | |||
882 | if (unpack(data, size, &p) < 0) | ||
883 | return (pack_dummy(data, maxsize)); | ||
884 | |||
885 | mutate_byte(&p.rk); | ||
886 | mutate_byte(&p.type); | ||
887 | mutate_byte(&p.u2f); | ||
888 | mutate_byte(&p.uv); | ||
889 | mutate_byte(&p.excl_count); | ||
890 | |||
891 | mutate_int(&p.ext); | ||
892 | p.seed = (int)seed; | ||
893 | |||
894 | mutate_blob(&p.cdh); | ||
895 | mutate_blob(&p.user_id); | ||
896 | |||
897 | if (p.u2f & 1) { | ||
898 | p.wire_data.len = sizeof(dummy_wire_data_u2f); | ||
899 | memcpy(&p.wire_data.body, &dummy_wire_data_u2f, | ||
900 | p.wire_data.len); | ||
901 | } else { | ||
902 | p.wire_data.len = sizeof(dummy_wire_data_fido); | ||
903 | memcpy(&p.wire_data.body, &dummy_wire_data_fido, | ||
904 | p.wire_data.len); | ||
905 | } | ||
906 | |||
907 | mutate_blob(&p.wire_data); | ||
908 | mutate_blob(&p.excl_cred); | ||
909 | |||
910 | mutate_string(p.pin); | ||
911 | mutate_string(p.user_icon); | ||
912 | mutate_string(p.user_name); | ||
913 | mutate_string(p.user_nick); | ||
914 | mutate_string(p.rp_id); | ||
915 | mutate_string(p.rp_name); | ||
916 | |||
917 | blob_len = pack(blob, sizeof(blob), &p); | ||
918 | |||
919 | if (blob_len == 0 || blob_len > maxsize) | ||
920 | return (0); | ||
921 | |||
922 | memcpy(data, blob, blob_len); | ||
923 | |||
924 | return (blob_len); | ||
925 | } | ||
diff --git a/fuzz/fuzz_credman.c b/fuzz/fuzz_credman.c new file mode 100644 index 0000000..4359938 --- /dev/null +++ b/fuzz/fuzz_credman.c | |||
@@ -0,0 +1,667 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #include <assert.h> | ||
8 | #include <stdint.h> | ||
9 | #include <stdlib.h> | ||
10 | #include <string.h> | ||
11 | #include <stdio.h> | ||
12 | |||
13 | #include "mutator_aux.h" | ||
14 | #include "fido.h" | ||
15 | #include "fido/credman.h" | ||
16 | |||
17 | #include "../openbsd-compat/openbsd-compat.h" | ||
18 | |||
19 | #define TAG_META_WIRE_DATA 0x01 | ||
20 | #define TAG_RP_WIRE_DATA 0x02 | ||
21 | #define TAG_RK_WIRE_DATA 0x03 | ||
22 | #define TAG_DEL_WIRE_DATA 0x04 | ||
23 | #define TAG_CRED_ID 0x05 | ||
24 | #define TAG_PIN 0x06 | ||
25 | #define TAG_RP_ID 0x07 | ||
26 | #define TAG_SEED 0x08 | ||
27 | |||
28 | /* Parameter set defining a FIDO2 credential management operation. */ | ||
29 | struct param { | ||
30 | char pin[MAXSTR]; | ||
31 | char rp_id[MAXSTR]; | ||
32 | int seed; | ||
33 | struct blob cred_id; | ||
34 | struct blob del_wire_data; | ||
35 | struct blob meta_wire_data; | ||
36 | struct blob rk_wire_data; | ||
37 | struct blob rp_wire_data; | ||
38 | }; | ||
39 | |||
40 | /* Example parameters. */ | ||
41 | static const uint8_t dummy_cred_id[] = { | ||
42 | 0x4f, 0x72, 0x98, 0x42, 0x4a, 0xe1, 0x17, 0xa5, | ||
43 | 0x85, 0xa0, 0xef, 0x3b, 0x11, 0x24, 0x4a, 0x3d, | ||
44 | }; | ||
45 | static const char dummy_pin[] = "[n#899:~m"; | ||
46 | static const char dummy_rp_id[] = "yubico.com"; | ||
47 | |||
48 | /* | ||
49 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
50 | * 'getCredsMetadata' credential management command. | ||
51 | */ | ||
52 | static const uint8_t dummy_meta_wire_data[] = { | ||
53 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xc5, | ||
54 | 0xb7, 0x89, 0xba, 0x8d, 0x5f, 0x94, 0x1b, 0x00, | ||
55 | 0x12, 0x00, 0x04, 0x02, 0x00, 0x04, 0x05, 0x05, | ||
56 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
57 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
58 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
59 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
60 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
61 | 0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00, | ||
62 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
63 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x93, 0xc5, 0x64, | ||
64 | 0x71, 0xe9, 0xd1, 0xb8, 0xed, 0xf6, 0xd5, 0xf3, | ||
65 | 0xa7, 0xd5, 0x96, 0x70, 0xbb, 0xd5, 0x20, 0xa1, | ||
66 | 0xa3, 0xd3, 0x93, 0x4c, 0x5c, 0x20, 0x5c, 0x22, | ||
67 | 0xeb, 0xb0, 0x6a, 0x27, 0x59, 0x22, 0x58, 0x20, | ||
68 | 0x63, 0x02, 0x33, 0xa8, 0xed, 0x3c, 0xbc, 0xe9, | ||
69 | 0x00, 0x12, 0x00, 0x04, 0x00, 0xda, 0x44, 0xf5, | ||
70 | 0xed, 0xda, 0xe6, 0xa4, 0xad, 0x3f, 0x9e, 0xf8, | ||
71 | 0x50, 0x8d, 0x01, 0x47, 0x6c, 0x4e, 0x72, 0xa4, | ||
72 | 0x04, 0x13, 0xa8, 0x65, 0x97, 0x00, 0x00, 0x00, | ||
73 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
74 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
75 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
76 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
77 | 0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x14, 0x00, | ||
78 | 0xa1, 0x02, 0x50, 0x6f, 0x11, 0x96, 0x21, 0x92, | ||
79 | 0x52, 0xf1, 0x6b, 0xd4, 0x2c, 0xe3, 0xf8, 0xc9, | ||
80 | 0x8c, 0x47, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
81 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
82 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
83 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
84 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
85 | 0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x07, 0x00, | ||
86 | 0xa2, 0x01, 0x00, 0x02, 0x18, 0x19, 0x00, 0x00, | ||
87 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
88 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
89 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
90 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
91 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
92 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
93 | }; | ||
94 | |||
95 | /* | ||
96 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
97 | * 'enumerateRPsBegin' credential management command. | ||
98 | */ | ||
99 | static const uint8_t dummy_rp_wire_data[] = { | ||
100 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x87, | ||
101 | 0xbf, 0xc6, 0x7f, 0x36, 0xf5, 0xe2, 0x49, 0x00, | ||
102 | 0x15, 0x00, 0x02, 0x02, 0x00, 0x04, 0x05, 0x05, | ||
103 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
104 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
105 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
106 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
107 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
108 | 0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x51, 0x00, | ||
109 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
110 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x12, 0xc1, 0x81, | ||
111 | 0x6b, 0x92, 0x6a, 0x56, 0x05, 0xfe, 0xdb, 0xab, | ||
112 | 0x90, 0x2f, 0x57, 0x0b, 0x3d, 0x85, 0x3e, 0x3f, | ||
113 | 0xbc, 0xe5, 0xd3, 0xb6, 0x86, 0xdf, 0x10, 0x43, | ||
114 | 0xc2, 0xaf, 0x87, 0x34, 0x0e, 0x22, 0x58, 0x20, | ||
115 | 0xd3, 0x0f, 0x7e, 0x5d, 0x10, 0x33, 0x57, 0x24, | ||
116 | 0x00, 0x15, 0x00, 0x02, 0x00, 0x6e, 0x90, 0x58, | ||
117 | 0x61, 0x2a, 0xd2, 0xc2, 0x1e, 0x08, 0xea, 0x91, | ||
118 | 0xcb, 0x44, 0x66, 0x73, 0x29, 0x92, 0x29, 0x59, | ||
119 | 0x91, 0xa3, 0x4d, 0x2c, 0xbb, 0x00, 0x00, 0x00, | ||
120 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
121 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
122 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
123 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
124 | 0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x14, 0x00, | ||
125 | 0xa1, 0x02, 0x50, 0x6d, 0x95, 0x0e, 0x73, 0x78, | ||
126 | 0x46, 0x13, 0x2e, 0x07, 0xbf, 0xeb, 0x61, 0x31, | ||
127 | 0x37, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
128 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
129 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
130 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
131 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
132 | 0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x37, 0x00, | ||
133 | 0xa3, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6a, 0x79, | ||
134 | 0x75, 0x62, 0x69, 0x63, 0x6f, 0x2e, 0x63, 0x6f, | ||
135 | 0x6d, 0x04, 0x58, 0x20, 0x37, 0x82, 0x09, 0xb7, | ||
136 | 0x2d, 0xef, 0xcb, 0xa9, 0x1d, 0xcb, 0xf8, 0x54, | ||
137 | 0xed, 0xb4, 0xda, 0xa6, 0x48, 0x82, 0x8a, 0x2c, | ||
138 | 0xbd, 0x18, 0x0a, 0xfc, 0x77, 0xa7, 0x44, 0x34, | ||
139 | 0x65, 0x5a, 0x1c, 0x7d, 0x05, 0x03, 0x00, 0x00, | ||
140 | 0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x36, 0x00, | ||
141 | 0xa2, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6b, 0x79, | ||
142 | 0x75, 0x62, 0x69, 0x6b, 0x65, 0x79, 0x2e, 0x6f, | ||
143 | 0x72, 0x67, 0x04, 0x58, 0x20, 0x12, 0x6b, 0xba, | ||
144 | 0x6a, 0x2d, 0x7a, 0x81, 0x84, 0x25, 0x7b, 0x74, | ||
145 | 0xdd, 0x1d, 0xdd, 0x46, 0xb6, 0x2a, 0x8c, 0xa2, | ||
146 | 0xa7, 0x83, 0xfe, 0xdb, 0x5b, 0x19, 0x48, 0x73, | ||
147 | 0x55, 0xb7, 0xe3, 0x46, 0x09, 0x00, 0x00, 0x00, | ||
148 | 0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x37, 0x00, | ||
149 | 0xa2, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6c, 0x77, | ||
150 | 0x65, 0x62, 0x61, 0x75, 0x74, 0x68, 0x6e, 0x2e, | ||
151 | 0x64, 0x65, 0x76, 0x04, 0x58, 0x20, 0xd6, 0x32, | ||
152 | 0x7d, 0x8c, 0x6a, 0x5d, 0xe6, 0xae, 0x0e, 0x33, | ||
153 | 0xd0, 0xa3, 0x31, 0xfb, 0x67, 0x77, 0xb9, 0x4e, | ||
154 | 0xf4, 0x73, 0x19, 0xfe, 0x7e, 0xfd, 0xfa, 0x82, | ||
155 | 0x70, 0x8e, 0x1f, 0xbb, 0xa2, 0x55, 0x00, 0x00, | ||
156 | }; | ||
157 | |||
158 | /* | ||
159 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
160 | * 'enumerateCredentialsBegin' credential management command. | ||
161 | */ | ||
162 | static const uint8_t dummy_rk_wire_data[] = { | ||
163 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x35, | ||
164 | 0x3b, 0x34, 0xb9, 0xcb, 0xeb, 0x40, 0x55, 0x00, | ||
165 | 0x15, 0x00, 0x04, 0x02, 0x00, 0x04, 0x05, 0x05, | ||
166 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
167 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
168 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
169 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
170 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
171 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00, | ||
172 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
173 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x12, 0xc1, 0x81, | ||
174 | 0x6b, 0x92, 0x6a, 0x56, 0x05, 0xfe, 0xdb, 0xab, | ||
175 | 0x90, 0x2f, 0x57, 0x0b, 0x3d, 0x85, 0x3e, 0x3f, | ||
176 | 0xbc, 0xe5, 0xd3, 0xb6, 0x86, 0xdf, 0x10, 0x43, | ||
177 | 0xc2, 0xaf, 0x87, 0x34, 0x0e, 0x22, 0x58, 0x20, | ||
178 | 0xd3, 0x0f, 0x7e, 0x5d, 0x10, 0x33, 0x57, 0x24, | ||
179 | 0x00, 0x15, 0x00, 0x04, 0x00, 0x6e, 0x90, 0x58, | ||
180 | 0x61, 0x2a, 0xd2, 0xc2, 0x1e, 0x08, 0xea, 0x91, | ||
181 | 0xcb, 0x44, 0x66, 0x73, 0x29, 0x92, 0x29, 0x59, | ||
182 | 0x91, 0xa3, 0x4d, 0x2c, 0xbb, 0x00, 0x00, 0x00, | ||
183 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
184 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
185 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
186 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
187 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0x14, 0x00, | ||
188 | 0xa1, 0x02, 0x50, 0x1b, 0xf0, 0x01, 0x0d, 0x32, | ||
189 | 0xee, 0x28, 0xa4, 0x5a, 0x7f, 0x56, 0x5b, 0x28, | ||
190 | 0xfd, 0x1f, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
191 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
192 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
193 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
194 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
195 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc5, 0x00, | ||
196 | 0xa5, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, | ||
197 | 0xe4, 0xe1, 0x06, 0x31, 0xde, 0x00, 0x0f, 0x4f, | ||
198 | 0x12, 0x6e, 0xc9, 0x68, 0x2d, 0x43, 0x3f, 0xf1, | ||
199 | 0x02, 0x2c, 0x6e, 0xe6, 0x96, 0x10, 0xbf, 0x73, | ||
200 | 0x35, 0xc9, 0x20, 0x27, 0x06, 0xba, 0x39, 0x09, | ||
201 | 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, | ||
202 | 0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, | ||
203 | 0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, | ||
204 | 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, | ||
205 | 0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, | ||
206 | 0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x19, | ||
207 | 0xf7, 0x78, 0x0c, 0xa0, 0xbc, 0xb9, 0xa6, 0xd5, | ||
208 | 0x1e, 0xd7, 0x87, 0xfb, 0x6c, 0x80, 0x03, 0x64, | ||
209 | 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, | ||
210 | 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, | ||
211 | 0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02, | ||
212 | 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x81, | ||
213 | 0x6c, 0xdd, 0x8c, 0x8f, 0x8c, 0xc8, 0x43, 0xa7, | ||
214 | 0xbb, 0x79, 0x51, 0x09, 0xb1, 0xdf, 0xbe, 0xc4, | ||
215 | 0xa5, 0x54, 0x16, 0x9e, 0x58, 0x56, 0xb3, 0x0b, | ||
216 | 0x34, 0x4f, 0xa5, 0x6c, 0x05, 0xa2, 0x21, 0x22, | ||
217 | 0x58, 0x20, 0xcd, 0xc2, 0x0c, 0x99, 0x83, 0x5a, | ||
218 | 0x61, 0x73, 0xd8, 0xe0, 0x74, 0x23, 0x46, 0x64, | ||
219 | 0x00, 0x15, 0x00, 0x04, 0x02, 0x39, 0x4c, 0xb0, | ||
220 | 0xf4, 0x6c, 0x0a, 0x37, 0x72, 0xaa, 0xa8, 0xea, | ||
221 | 0x58, 0xd3, 0xd4, 0xe0, 0x51, 0xb2, 0x28, 0x09, | ||
222 | 0x05, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
223 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
224 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
225 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
226 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
227 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xa0, 0x00, | ||
228 | 0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, | ||
229 | 0x56, 0xa1, 0x3c, 0x06, 0x2b, 0xad, 0xa2, 0x21, | ||
230 | 0x7d, 0xcd, 0x91, 0x08, 0x47, 0xa8, 0x8a, 0x06, | ||
231 | 0x06, 0xf6, 0x66, 0x91, 0xf6, 0xeb, 0x89, 0xe4, | ||
232 | 0xdf, 0x26, 0xbc, 0x46, 0x59, 0xc3, 0x7d, 0xc0, | ||
233 | 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, | ||
234 | 0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, | ||
235 | 0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, | ||
236 | 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, | ||
237 | 0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, | ||
238 | 0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0xd8, | ||
239 | 0x27, 0x4b, 0x25, 0xed, 0x19, 0xef, 0x11, 0xaf, | ||
240 | 0xa6, 0x89, 0x7b, 0x84, 0x50, 0xe7, 0x62, 0x64, | ||
241 | 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, | ||
242 | 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, | ||
243 | 0x00, 0x15, 0x00, 0x04, 0x01, 0xa4, 0x01, 0x01, | ||
244 | 0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x8d, | ||
245 | 0xfe, 0x45, 0xd5, 0x7d, 0xb6, 0x17, 0xab, 0x86, | ||
246 | 0x2d, 0x32, 0xf6, 0x85, 0xf0, 0x92, 0x76, 0xb7, | ||
247 | 0xce, 0x73, 0xca, 0x4e, 0x0e, 0xfd, 0xd5, 0xdb, | ||
248 | 0x2a, 0x1d, 0x55, 0x90, 0x96, 0x52, 0xc2, 0x0a, | ||
249 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
250 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
251 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xa0, 0x00, | ||
252 | 0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, | ||
253 | 0x04, 0x0e, 0x0f, 0xa0, 0xcd, 0x60, 0x35, 0x9a, | ||
254 | 0xba, 0x47, 0x0c, 0x10, 0xb6, 0x82, 0x6e, 0x2f, | ||
255 | 0x66, 0xb9, 0xa7, 0xcf, 0xd8, 0x47, 0xb4, 0x3d, | ||
256 | 0xfd, 0x77, 0x1a, 0x38, 0x22, 0xa1, 0xda, 0xa5, | ||
257 | 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, | ||
258 | 0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, | ||
259 | 0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, | ||
260 | 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, | ||
261 | 0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, | ||
262 | 0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x00, | ||
263 | 0x5d, 0xdf, 0xef, 0xe2, 0xf3, 0x06, 0xb2, 0xa5, | ||
264 | 0x46, 0x4d, 0x98, 0xbc, 0x14, 0x65, 0xc1, 0x64, | ||
265 | 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, | ||
266 | 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, | ||
267 | 0x00, 0x15, 0x00, 0x04, 0x01, 0xa4, 0x01, 0x01, | ||
268 | 0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x72, | ||
269 | 0x79, 0x14, 0x69, 0xdf, 0xcb, 0x64, 0x75, 0xee, | ||
270 | 0xd4, 0x45, 0x94, 0xbc, 0x48, 0x4d, 0x2a, 0x9f, | ||
271 | 0xc9, 0xf4, 0xb5, 0x1b, 0x05, 0xa6, 0x5b, 0x54, | ||
272 | 0x9a, 0xac, 0x6c, 0x2e, 0xc6, 0x90, 0x62, 0x0a, | ||
273 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
274 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
275 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc3, 0x00, | ||
276 | 0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, | ||
277 | 0xce, 0x32, 0xd8, 0x79, 0xdd, 0x86, 0xa2, 0x42, | ||
278 | 0x7c, 0xc3, 0xe1, 0x95, 0x12, 0x93, 0x1a, 0x03, | ||
279 | 0xe6, 0x70, 0xb8, 0xff, 0xcd, 0xa5, 0xdf, 0x15, | ||
280 | 0xfc, 0x88, 0x2a, 0xf5, 0x44, 0xf1, 0x33, 0x9c, | ||
281 | 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, | ||
282 | 0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, | ||
283 | 0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, | ||
284 | 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, | ||
285 | 0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, | ||
286 | 0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x0a, | ||
287 | 0x26, 0x5b, 0x7e, 0x1a, 0x2a, 0xba, 0x70, 0x5f, | ||
288 | 0x18, 0x26, 0x14, 0xb2, 0x71, 0xca, 0x98, 0x64, | ||
289 | 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, | ||
290 | 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, | ||
291 | 0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02, | ||
292 | 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x8b, | ||
293 | 0x48, 0xf0, 0x69, 0xfb, 0x22, 0xfb, 0xf3, 0x86, | ||
294 | 0x57, 0x7c, 0xdd, 0x82, 0x2c, 0x1c, 0x0c, 0xdc, | ||
295 | 0x27, 0xe2, 0x6a, 0x4c, 0x1a, 0x10, 0x04, 0x27, | ||
296 | 0x51, 0x3e, 0x2a, 0x9d, 0x3a, 0xb6, 0xb5, 0x22, | ||
297 | 0x58, 0x20, 0x70, 0xfe, 0x91, 0x67, 0x64, 0x53, | ||
298 | 0x63, 0x83, 0x72, 0x31, 0xe9, 0xe5, 0x20, 0xb7, | ||
299 | 0x00, 0x15, 0x00, 0x04, 0x02, 0xee, 0xc9, 0xfb, | ||
300 | 0x63, 0xd7, 0xe4, 0x76, 0x39, 0x80, 0x82, 0x74, | ||
301 | 0xb8, 0xfa, 0x67, 0xf5, 0x1b, 0x8f, 0xe0, 0x0a, | ||
302 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
303 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
304 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
305 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
306 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
307 | 0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc3, 0x00, | ||
308 | 0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, | ||
309 | 0xf9, 0xa3, 0x67, 0xbf, 0x5e, 0x80, 0x95, 0xdb, | ||
310 | 0x4c, 0xc5, 0x8f, 0x65, 0x36, 0xc5, 0xaf, 0xdd, | ||
311 | 0x90, 0x2e, 0x62, 0x68, 0x67, 0x9c, 0xa2, 0x26, | ||
312 | 0x2f, 0x2a, 0xf9, 0x3a, 0xda, 0x15, 0xf2, 0x27, | ||
313 | 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, | ||
314 | 0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, | ||
315 | 0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, | ||
316 | 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, | ||
317 | 0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, | ||
318 | 0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0xfb, | ||
319 | 0xa6, 0xbe, 0xc1, 0x01, 0xf6, 0x7a, 0x81, 0xf9, | ||
320 | 0xcd, 0x6d, 0x20, 0x41, 0x7a, 0x1c, 0x40, 0x64, | ||
321 | 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, | ||
322 | 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, | ||
323 | 0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02, | ||
324 | 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xda, | ||
325 | 0x2b, 0x53, 0xc3, 0xbe, 0x48, 0xf8, 0xab, 0xbd, | ||
326 | 0x06, 0x28, 0x46, 0xfa, 0x35, 0xab, 0xf9, 0xc5, | ||
327 | 0x2e, 0xfd, 0x3c, 0x38, 0x88, 0xb3, 0xe1, 0xa7, | ||
328 | 0xc5, 0xc6, 0xed, 0x72, 0x54, 0x37, 0x93, 0x22, | ||
329 | 0x58, 0x20, 0x12, 0x82, 0x32, 0x2d, 0xab, 0xbc, | ||
330 | 0x64, 0xb3, 0xed, 0xcc, 0xd5, 0x22, 0xec, 0x79, | ||
331 | 0x00, 0x15, 0x00, 0x04, 0x02, 0x4b, 0xe2, 0x4d, | ||
332 | 0x0c, 0x4b, 0x8d, 0x31, 0x4c, 0xb4, 0x0f, 0xd4, | ||
333 | 0xa9, 0xbe, 0x0c, 0xab, 0x9e, 0x0a, 0xc9, 0x0a, | ||
334 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
335 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
336 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
337 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
338 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
339 | }; | ||
340 | |||
341 | /* | ||
342 | * Collection of HID reports from an authenticator issued with a FIDO2 | ||
343 | * 'deleteCredential' credential management command. | ||
344 | */ | ||
345 | static const uint8_t dummy_del_wire_data[] = { | ||
346 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x8b, | ||
347 | 0xe1, 0xf0, 0x3a, 0x18, 0xa5, 0xda, 0x59, 0x00, | ||
348 | 0x15, 0x00, 0x05, 0x02, 0x00, 0x04, 0x05, 0x05, | ||
349 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
350 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
351 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
352 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
353 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
354 | 0x00, 0x15, 0x00, 0x05, 0x90, 0x00, 0x51, 0x00, | ||
355 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
356 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x12, 0xc1, 0x81, | ||
357 | 0x6b, 0x92, 0x6a, 0x56, 0x05, 0xfe, 0xdb, 0xab, | ||
358 | 0x90, 0x2f, 0x57, 0x0b, 0x3d, 0x85, 0x3e, 0x3f, | ||
359 | 0xbc, 0xe5, 0xd3, 0xb6, 0x86, 0xdf, 0x10, 0x43, | ||
360 | 0xc2, 0xaf, 0x87, 0x34, 0x0e, 0x22, 0x58, 0x20, | ||
361 | 0xd3, 0x0f, 0x7e, 0x5d, 0x10, 0x33, 0x57, 0x24, | ||
362 | 0x00, 0x15, 0x00, 0x05, 0x00, 0x6e, 0x90, 0x58, | ||
363 | 0x61, 0x2a, 0xd2, 0xc2, 0x1e, 0x08, 0xea, 0x91, | ||
364 | 0xcb, 0x44, 0x66, 0x73, 0x29, 0x92, 0x29, 0x59, | ||
365 | 0x91, 0xa3, 0x4d, 0x2c, 0xbb, 0x00, 0x00, 0x00, | ||
366 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
367 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
368 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
369 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
370 | 0x00, 0x15, 0x00, 0x05, 0x90, 0x00, 0x14, 0x00, | ||
371 | 0xa1, 0x02, 0x50, 0x33, 0xf1, 0x3b, 0xde, 0x1e, | ||
372 | 0xa5, 0xd1, 0xbf, 0xf6, 0x5d, 0x63, 0xb6, 0xfc, | ||
373 | 0xd2, 0x24, 0xe8, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
374 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
375 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
376 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
377 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
378 | 0x00, 0x15, 0x00, 0x05, 0x90, 0x00, 0x01, 0x00, | ||
379 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
380 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
381 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
382 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
383 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
384 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
385 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
386 | }; | ||
387 | |||
388 | int LLVMFuzzerTestOneInput(const uint8_t *, size_t); | ||
389 | size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); | ||
390 | |||
391 | static int | ||
392 | unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN | ||
393 | { | ||
394 | uint8_t **pp = (void *)&ptr; | ||
395 | |||
396 | if (unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || | ||
397 | unpack_string(TAG_RP_ID, pp, &len, p->rp_id) < 0 || | ||
398 | unpack_blob(TAG_CRED_ID, pp, &len, &p->cred_id) < 0 || | ||
399 | unpack_blob(TAG_META_WIRE_DATA, pp, &len, &p->meta_wire_data) < 0 || | ||
400 | unpack_blob(TAG_RP_WIRE_DATA, pp, &len, &p->rp_wire_data) < 0 || | ||
401 | unpack_blob(TAG_RK_WIRE_DATA, pp, &len, &p->rk_wire_data) < 0 || | ||
402 | unpack_blob(TAG_DEL_WIRE_DATA, pp, &len, &p->del_wire_data) < 0 || | ||
403 | unpack_int(TAG_SEED, pp, &len, &p->seed) < 0) | ||
404 | return (-1); | ||
405 | |||
406 | return (0); | ||
407 | } | ||
408 | |||
409 | static size_t | ||
410 | pack(uint8_t *ptr, size_t len, const struct param *p) | ||
411 | { | ||
412 | const size_t max = len; | ||
413 | |||
414 | if (pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || | ||
415 | pack_string(TAG_RP_ID, &ptr, &len, p->rp_id) < 0 || | ||
416 | pack_blob(TAG_CRED_ID, &ptr, &len, &p->cred_id) < 0 || | ||
417 | pack_blob(TAG_META_WIRE_DATA, &ptr, &len, &p->meta_wire_data) < 0 || | ||
418 | pack_blob(TAG_RP_WIRE_DATA, &ptr, &len, &p->rp_wire_data) < 0 || | ||
419 | pack_blob(TAG_RK_WIRE_DATA, &ptr, &len, &p->rk_wire_data) < 0 || | ||
420 | pack_blob(TAG_DEL_WIRE_DATA, &ptr, &len, &p->del_wire_data) < 0 || | ||
421 | pack_int(TAG_SEED, &ptr, &len, p->seed) < 0) | ||
422 | return (0); | ||
423 | |||
424 | return (max - len); | ||
425 | } | ||
426 | |||
427 | static fido_dev_t * | ||
428 | prepare_dev() | ||
429 | { | ||
430 | fido_dev_t *dev; | ||
431 | fido_dev_io_t io; | ||
432 | |||
433 | io.open = dev_open; | ||
434 | io.close = dev_close; | ||
435 | io.read = dev_read; | ||
436 | io.write = dev_write; | ||
437 | |||
438 | if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev, | ||
439 | &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) { | ||
440 | fido_dev_free(&dev); | ||
441 | return (NULL); | ||
442 | } | ||
443 | |||
444 | return (dev); | ||
445 | } | ||
446 | |||
447 | static void | ||
448 | get_metadata(struct param *p) | ||
449 | { | ||
450 | fido_dev_t *dev; | ||
451 | fido_credman_metadata_t *metadata; | ||
452 | uint64_t existing; | ||
453 | uint64_t remaining; | ||
454 | |||
455 | set_wire_data(p->meta_wire_data.body, p->meta_wire_data.len); | ||
456 | |||
457 | if ((dev = prepare_dev()) == NULL) { | ||
458 | return; | ||
459 | } | ||
460 | if ((metadata = fido_credman_metadata_new()) == NULL) { | ||
461 | fido_dev_close(dev); | ||
462 | fido_dev_free(&dev); | ||
463 | return; | ||
464 | } | ||
465 | |||
466 | fido_credman_get_dev_metadata(dev, metadata, p->pin); | ||
467 | |||
468 | existing = fido_credman_rk_existing(metadata); | ||
469 | remaining = fido_credman_rk_remaining(metadata); | ||
470 | consume(&existing, sizeof(existing)); | ||
471 | consume(&remaining, sizeof(remaining)); | ||
472 | |||
473 | fido_credman_metadata_free(&metadata); | ||
474 | fido_dev_close(dev); | ||
475 | fido_dev_free(&dev); | ||
476 | } | ||
477 | |||
478 | static void | ||
479 | get_rp_list(struct param *p) | ||
480 | { | ||
481 | fido_dev_t *dev; | ||
482 | fido_credman_rp_t *rp; | ||
483 | |||
484 | set_wire_data(p->rp_wire_data.body, p->rp_wire_data.len); | ||
485 | |||
486 | if ((dev = prepare_dev()) == NULL) { | ||
487 | return; | ||
488 | } | ||
489 | if ((rp = fido_credman_rp_new()) == NULL) { | ||
490 | fido_dev_close(dev); | ||
491 | fido_dev_free(&dev); | ||
492 | return; | ||
493 | } | ||
494 | |||
495 | fido_credman_get_dev_rp(dev, rp, p->pin); | ||
496 | |||
497 | /* +1 on purpose */ | ||
498 | for (size_t i = 0; i < fido_credman_rp_count(rp) + 1; i++) { | ||
499 | consume(fido_credman_rp_id_hash_ptr(rp, i), | ||
500 | fido_credman_rp_id_hash_len(rp, i)); | ||
501 | consume(fido_credman_rp_id(rp, i), | ||
502 | xstrlen(fido_credman_rp_id(rp, i))); | ||
503 | consume(fido_credman_rp_name(rp, i), | ||
504 | xstrlen(fido_credman_rp_name(rp, i))); | ||
505 | } | ||
506 | |||
507 | fido_credman_rp_free(&rp); | ||
508 | fido_dev_close(dev); | ||
509 | fido_dev_free(&dev); | ||
510 | } | ||
511 | |||
512 | static void | ||
513 | get_rk_list(struct param *p) | ||
514 | { | ||
515 | fido_dev_t *dev; | ||
516 | fido_credman_rk_t *rk; | ||
517 | const fido_cred_t *cred; | ||
518 | int type; | ||
519 | |||
520 | set_wire_data(p->rk_wire_data.body, p->rk_wire_data.len); | ||
521 | |||
522 | if ((dev = prepare_dev()) == NULL) { | ||
523 | return; | ||
524 | } | ||
525 | if ((rk = fido_credman_rk_new()) == NULL) { | ||
526 | fido_dev_close(dev); | ||
527 | fido_dev_free(&dev); | ||
528 | return; | ||
529 | } | ||
530 | |||
531 | fido_credman_get_dev_rk(dev, p->rp_id, rk, p->pin); | ||
532 | |||
533 | /* +1 on purpose */ | ||
534 | for (size_t i = 0; i < fido_credman_rk_count(rk) + 1; i++) { | ||
535 | if ((cred = fido_credman_rk(rk, i)) == NULL) { | ||
536 | assert(i >= fido_credman_rk_count(rk)); | ||
537 | continue; | ||
538 | } | ||
539 | type = fido_cred_type(cred); | ||
540 | consume(&type, sizeof(type)); | ||
541 | consume(fido_cred_id_ptr(cred), fido_cred_id_len(cred)); | ||
542 | consume(fido_cred_pubkey_ptr(cred), fido_cred_pubkey_len(cred)); | ||
543 | consume(fido_cred_user_id_ptr(cred), | ||
544 | fido_cred_user_id_len(cred)); | ||
545 | consume(fido_cred_user_name(cred), | ||
546 | xstrlen(fido_cred_user_name(cred))); | ||
547 | consume(fido_cred_display_name(cred), | ||
548 | xstrlen(fido_cred_display_name(cred))); | ||
549 | } | ||
550 | |||
551 | fido_credman_rk_free(&rk); | ||
552 | fido_dev_close(dev); | ||
553 | fido_dev_free(&dev); | ||
554 | } | ||
555 | |||
556 | static void | ||
557 | del_rk(struct param *p) | ||
558 | { | ||
559 | fido_dev_t *dev; | ||
560 | |||
561 | set_wire_data(p->del_wire_data.body, p->del_wire_data.len); | ||
562 | |||
563 | if ((dev = prepare_dev()) == NULL) { | ||
564 | return; | ||
565 | } | ||
566 | |||
567 | fido_credman_del_dev_rk(dev, p->cred_id.body, p->cred_id.len, p->pin); | ||
568 | fido_dev_close(dev); | ||
569 | fido_dev_free(&dev); | ||
570 | } | ||
571 | |||
572 | int | ||
573 | LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
574 | { | ||
575 | struct param p; | ||
576 | |||
577 | memset(&p, 0, sizeof(p)); | ||
578 | |||
579 | if (unpack(data, size, &p) < 0) | ||
580 | return (0); | ||
581 | |||
582 | srandom((unsigned int)p.seed); | ||
583 | |||
584 | fido_init(0); | ||
585 | |||
586 | get_metadata(&p); | ||
587 | get_rp_list(&p); | ||
588 | get_rk_list(&p); | ||
589 | del_rk(&p); | ||
590 | |||
591 | return (0); | ||
592 | } | ||
593 | |||
594 | static size_t | ||
595 | pack_dummy(uint8_t *ptr, size_t len) | ||
596 | { | ||
597 | struct param dummy; | ||
598 | uint8_t blob[32768]; | ||
599 | size_t blob_len; | ||
600 | |||
601 | memset(&dummy, 0, sizeof(dummy)); | ||
602 | |||
603 | strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin)); | ||
604 | strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id)); | ||
605 | |||
606 | dummy.meta_wire_data.len = sizeof(dummy_meta_wire_data); | ||
607 | dummy.rp_wire_data.len = sizeof(dummy_rp_wire_data); | ||
608 | dummy.rk_wire_data.len = sizeof(dummy_rk_wire_data); | ||
609 | dummy.del_wire_data.len = sizeof(dummy_del_wire_data); | ||
610 | dummy.cred_id.len = sizeof(dummy_cred_id); | ||
611 | |||
612 | memcpy(&dummy.meta_wire_data.body, &dummy_meta_wire_data, | ||
613 | dummy.meta_wire_data.len); | ||
614 | memcpy(&dummy.rp_wire_data.body, &dummy_rp_wire_data, | ||
615 | dummy.rp_wire_data.len); | ||
616 | memcpy(&dummy.rk_wire_data.body, &dummy_rk_wire_data, | ||
617 | dummy.rk_wire_data.len); | ||
618 | memcpy(&dummy.del_wire_data.body, &dummy_del_wire_data, | ||
619 | dummy.del_wire_data.len); | ||
620 | memcpy(&dummy.cred_id.body, &dummy_cred_id, dummy.cred_id.len); | ||
621 | |||
622 | blob_len = pack(blob, sizeof(blob), &dummy); | ||
623 | assert(blob_len != 0); | ||
624 | |||
625 | if (blob_len > len) { | ||
626 | memcpy(ptr, blob, len); | ||
627 | return (len); | ||
628 | } | ||
629 | |||
630 | memcpy(ptr, blob, blob_len); | ||
631 | |||
632 | return (blob_len); | ||
633 | } | ||
634 | |||
635 | size_t | ||
636 | LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, | ||
637 | unsigned int seed) NO_MSAN | ||
638 | { | ||
639 | struct param p; | ||
640 | uint8_t blob[16384]; | ||
641 | size_t blob_len; | ||
642 | |||
643 | memset(&p, 0, sizeof(p)); | ||
644 | |||
645 | if (unpack(data, size, &p) < 0) | ||
646 | return (pack_dummy(data, maxsize)); | ||
647 | |||
648 | p.seed = (int)seed; | ||
649 | |||
650 | mutate_blob(&p.cred_id); | ||
651 | mutate_blob(&p.meta_wire_data); | ||
652 | mutate_blob(&p.rp_wire_data); | ||
653 | mutate_blob(&p.rk_wire_data); | ||
654 | mutate_blob(&p.del_wire_data); | ||
655 | |||
656 | mutate_string(p.pin); | ||
657 | mutate_string(p.rp_id); | ||
658 | |||
659 | blob_len = pack(blob, sizeof(blob), &p); | ||
660 | |||
661 | if (blob_len == 0 || blob_len > maxsize) | ||
662 | return (0); | ||
663 | |||
664 | memcpy(data, blob, blob_len); | ||
665 | |||
666 | return (blob_len); | ||
667 | } | ||
diff --git a/fuzz/fuzz_mgmt.c b/fuzz/fuzz_mgmt.c
new file mode 100644
index 0000000..741b375
--- /dev/null
+++ b/fuzz/fuzz_mgmt.c | |||
@@ -0,0 +1,529 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #include <assert.h> | ||
8 | #include <stdint.h> | ||
9 | #include <stdio.h> | ||
10 | #include <stdlib.h> | ||
11 | #include <string.h> | ||
12 | |||
13 | #include "mutator_aux.h" | ||
14 | #include "fido.h" | ||
15 | |||
16 | #include "../openbsd-compat/openbsd-compat.h" | ||
17 | |||
18 | #define TAG_PIN1 0x01 | ||
19 | #define TAG_PIN2 0x02 | ||
20 | #define TAG_RESET_WIRE_DATA 0x03 | ||
21 | #define TAG_INFO_WIRE_DATA 0x04 | ||
22 | #define TAG_SET_PIN_WIRE_DATA 0x05 | ||
23 | #define TAG_CHANGE_PIN_WIRE_DATA 0x06 | ||
24 | #define TAG_RETRY_WIRE_DATA 0x07 | ||
25 | #define TAG_SEED 0x08 | ||
26 | |||
27 | struct param { | ||
28 | char pin1[MAXSTR]; | ||
29 | char pin2[MAXSTR]; | ||
30 | struct blob reset_wire_data; | ||
31 | struct blob info_wire_data; | ||
32 | struct blob set_pin_wire_data; | ||
33 | struct blob change_pin_wire_data; | ||
34 | struct blob retry_wire_data; | ||
35 | int seed; | ||
36 | }; | ||
37 | |||
38 | /* Example parameters. */ | ||
39 | static const char dummy_pin1[] = "skepp cg0u3;Y.."; | ||
40 | static const char dummy_pin2[] = "bastilha 6rJrfQZI."; | ||
41 | |||
42 | static const uint8_t dummy_reset_wire_data[] = { | ||
43 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x91, | ||
44 | 0xef, 0xbe, 0x74, 0x39, 0x1a, 0x1c, 0x4a, 0x00, | ||
45 | 0x22, 0x00, 0x01, 0x02, 0x05, 0x02, 0x01, 0x05, | ||
46 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
47 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
48 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
49 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
50 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
51 | 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02, | ||
52 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
53 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
54 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
55 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
56 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
57 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
58 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
59 | 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02, | ||
60 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
61 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
62 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
63 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
64 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
65 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
66 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
67 | 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02, | ||
68 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
69 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
70 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
71 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
72 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
73 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
74 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
75 | 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02, | ||
76 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
77 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
78 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
79 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
80 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
81 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
82 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
83 | 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02, | ||
84 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
85 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
86 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
87 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
88 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
89 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
90 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
91 | 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x01, | ||
92 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
93 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
94 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
95 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
96 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
97 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
98 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
99 | 0x00, 0x22, 0x00, 0x01, 0x90, 0x00, 0x01, 0x00, | ||
100 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
101 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
102 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
103 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
104 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
105 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
106 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
107 | }; | ||
108 | |||
109 | static const uint8_t dummy_info_wire_data[] = { | ||
110 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80, | ||
111 | 0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00, | ||
112 | 0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05, | ||
113 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
114 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
115 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
116 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
117 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
118 | 0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00, | ||
119 | 0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f, | ||
120 | 0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f, | ||
121 | 0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f, | ||
122 | 0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45, | ||
123 | 0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50, | ||
124 | 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68, | ||
125 | 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72, | ||
126 | 0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03, | ||
127 | 0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45, | ||
128 | 0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc, | ||
129 | 0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62, | ||
130 | 0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74, | ||
131 | 0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, | ||
132 | 0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65, | ||
133 | 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d, | ||
134 | 0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74, | ||
135 | 0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5, | ||
136 | 0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07, | ||
137 | 0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63, | ||
138 | 0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, | ||
139 | 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, | ||
140 | 0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c, | ||
141 | 0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a, | ||
142 | 0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62, | ||
143 | 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00, | ||
144 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
145 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
146 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
147 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
148 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
149 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
150 | }; | ||
151 | |||
152 | static const uint8_t dummy_set_pin_wire_data[] = { | ||
153 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x59, | ||
154 | 0x50, 0x8c, 0x27, 0x14, 0x83, 0x43, 0xd5, 0x00, | ||
155 | 0x22, 0x00, 0x03, 0x02, 0x05, 0x02, 0x01, 0x05, | ||
156 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
157 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
158 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
159 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
160 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
161 | 0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00, | ||
162 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
163 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d, | ||
164 | 0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b, | ||
165 | 0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01, | ||
166 | 0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05, | ||
167 | 0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20, | ||
168 | 0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c, | ||
169 | 0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60, | ||
170 | 0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d, | ||
171 | 0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77, | ||
172 | 0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00, | ||
173 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
174 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
175 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
176 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
177 | 0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x01, 0x00, | ||
178 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
179 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
180 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
181 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
182 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
183 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
184 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
185 | }; | ||
186 | |||
187 | static const uint8_t dummy_change_pin_wire_data[] = { | ||
188 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x48, | ||
189 | 0xfd, 0xf9, 0xde, 0x28, 0x21, 0x99, 0xd5, 0x00, | ||
190 | 0x22, 0x00, 0x04, 0x02, 0x05, 0x02, 0x01, 0x05, | ||
191 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
192 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
193 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
194 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
195 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
196 | 0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00, | ||
197 | 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, | ||
198 | 0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d, | ||
199 | 0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b, | ||
200 | 0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01, | ||
201 | 0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05, | ||
202 | 0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20, | ||
203 | 0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c, | ||
204 | 0x00, 0x22, 0x00, 0x04, 0x00, 0x3f, 0xf1, 0x60, | ||
205 | 0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d, | ||
206 | 0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77, | ||
207 | 0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00, | ||
208 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
209 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
210 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
211 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
212 | 0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x01, 0x00, | ||
213 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
214 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
215 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
216 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
217 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
218 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
219 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
220 | }; | ||
221 | |||
222 | static const uint8_t dummy_retry_wire_data[] = { | ||
223 | 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x7f, | ||
224 | 0xaa, 0x73, 0x3e, 0x95, 0x98, 0xa8, 0x60, 0x00, | ||
225 | 0x22, 0x00, 0x05, 0x02, 0x05, 0x02, 0x01, 0x05, | ||
226 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
227 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
228 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
229 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
230 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
231 | 0x00, 0x22, 0x00, 0x05, 0x90, 0x00, 0x04, 0x00, | ||
232 | 0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
233 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
234 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
235 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
236 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
237 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
238 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | ||
239 | }; | ||
240 | |||
241 | int LLVMFuzzerTestOneInput(const uint8_t *, size_t); | ||
242 | size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); | ||
243 | |||
244 | static int | ||
245 | unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN | ||
246 | { | ||
247 | uint8_t **pp = (void *)&ptr; | ||
248 | |||
249 | if (unpack_string(TAG_PIN1, pp, &len, p->pin1) < 0 || | ||
250 | unpack_string(TAG_PIN2, pp, &len, p->pin2) < 0 || | ||
251 | unpack_blob(TAG_RESET_WIRE_DATA, pp, &len, &p->reset_wire_data) < 0 || | ||
252 | unpack_blob(TAG_INFO_WIRE_DATA, pp, &len, &p->info_wire_data) < 0 || | ||
253 | unpack_blob(TAG_SET_PIN_WIRE_DATA, pp, &len, &p->set_pin_wire_data) < 0 || | ||
254 | unpack_blob(TAG_CHANGE_PIN_WIRE_DATA, pp, &len, &p->change_pin_wire_data) < 0 || | ||
255 | unpack_blob(TAG_RETRY_WIRE_DATA, pp, &len, &p->retry_wire_data) < 0 || | ||
256 | unpack_int(TAG_SEED, pp, &len, &p->seed) < 0) | ||
257 | return (-1); | ||
258 | |||
259 | return (0); | ||
260 | } | ||
261 | |||
262 | static size_t | ||
263 | pack(uint8_t *ptr, size_t len, const struct param *p) | ||
264 | { | ||
265 | const size_t max = len; | ||
266 | |||
267 | if (pack_string(TAG_PIN1, &ptr, &len, p->pin1) < 0 || | ||
268 | pack_string(TAG_PIN2, &ptr, &len, p->pin2) < 0 || | ||
269 | pack_blob(TAG_RESET_WIRE_DATA, &ptr, &len, &p->reset_wire_data) < 0 || | ||
270 | pack_blob(TAG_INFO_WIRE_DATA, &ptr, &len, &p->info_wire_data) < 0 || | ||
271 | pack_blob(TAG_SET_PIN_WIRE_DATA, &ptr, &len, &p->set_pin_wire_data) < 0 || | ||
272 | pack_blob(TAG_CHANGE_PIN_WIRE_DATA, &ptr, &len, &p->change_pin_wire_data) < 0 || | ||
273 | pack_blob(TAG_RETRY_WIRE_DATA, &ptr, &len, &p->retry_wire_data) < 0 || | ||
274 | pack_int(TAG_SEED, &ptr, &len, p->seed) < 0) | ||
275 | return (0); | ||
276 | |||
277 | return (max - len); | ||
278 | } | ||
279 | |||
280 | static fido_dev_t * | ||
281 | prepare_dev() | ||
282 | { | ||
283 | fido_dev_t *dev; | ||
284 | fido_dev_io_t io; | ||
285 | |||
286 | io.open = dev_open; | ||
287 | io.close = dev_close; | ||
288 | io.read = dev_read; | ||
289 | io.write = dev_write; | ||
290 | |||
291 | if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev, | ||
292 | &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) { | ||
293 | fido_dev_free(&dev); | ||
294 | return (NULL); | ||
295 | } | ||
296 | |||
297 | return (dev); | ||
298 | } | ||
299 | |||
300 | static void | ||
301 | dev_reset(struct param *p) | ||
302 | { | ||
303 | fido_dev_t *dev; | ||
304 | |||
305 | set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len); | ||
306 | |||
307 | if ((dev = prepare_dev()) == NULL) { | ||
308 | return; | ||
309 | } | ||
310 | |||
311 | fido_dev_reset(dev); | ||
312 | fido_dev_close(dev); | ||
313 | fido_dev_free(&dev); | ||
314 | } | ||
315 | |||
316 | static void | ||
317 | dev_get_cbor_info(struct param *p) | ||
318 | { | ||
319 | fido_dev_t *dev; | ||
320 | fido_cbor_info_t *ci; | ||
321 | uint64_t n; | ||
322 | uint8_t proto; | ||
323 | uint8_t major; | ||
324 | uint8_t minor; | ||
325 | uint8_t build; | ||
326 | uint8_t flags; | ||
327 | |||
328 | set_wire_data(p->info_wire_data.body, p->info_wire_data.len); | ||
329 | |||
330 | if ((dev = prepare_dev()) == NULL) { | ||
331 | return; | ||
332 | } | ||
333 | |||
334 | proto = fido_dev_protocol(dev); | ||
335 | major = fido_dev_major(dev); | ||
336 | minor = fido_dev_minor(dev); | ||
337 | build = fido_dev_build(dev); | ||
338 | flags = fido_dev_flags(dev); | ||
339 | |||
340 | consume(&proto, sizeof(proto)); | ||
341 | consume(&major, sizeof(major)); | ||
342 | consume(&minor, sizeof(minor)); | ||
343 | consume(&build, sizeof(build)); | ||
344 | consume(&flags, sizeof(flags)); | ||
345 | |||
346 | if ((ci = fido_cbor_info_new()) == NULL) { | ||
347 | fido_dev_close(dev); | ||
348 | fido_dev_free(&dev); | ||
349 | return; | ||
350 | } | ||
351 | |||
352 | fido_dev_get_cbor_info(dev, ci); | ||
353 | fido_dev_close(dev); | ||
354 | fido_dev_free(&dev); | ||
355 | |||
356 | for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) { | ||
357 | char * const *sa = fido_cbor_info_versions_ptr(ci); | ||
358 | consume(sa[i], strlen(sa[i])); | ||
359 | } | ||
360 | for (size_t i = 0; i < fido_cbor_info_extensions_len(ci); i++) { | ||
361 | char * const *sa = fido_cbor_info_extensions_ptr(ci); | ||
362 | consume(sa[i], strlen(sa[i])); | ||
363 | } | ||
364 | |||
365 | for (size_t i = 0; i < fido_cbor_info_options_len(ci); i++) { | ||
366 | char * const *sa = fido_cbor_info_options_name_ptr(ci); | ||
367 | const bool *va = fido_cbor_info_options_value_ptr(ci); | ||
368 | consume(sa[i], strlen(sa[i])); | ||
369 | consume(&va[i], sizeof(va[i])); | ||
370 | } | ||
371 | |||
372 | n = fido_cbor_info_maxmsgsiz(ci); | ||
373 | consume(&n, sizeof(n)); | ||
374 | |||
375 | consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci)); | ||
376 | consume(fido_cbor_info_protocols_ptr(ci), | ||
377 | fido_cbor_info_protocols_len(ci)); | ||
378 | |||
379 | fido_cbor_info_free(&ci); | ||
380 | } | ||
381 | |||
382 | static void | ||
383 | dev_set_pin(struct param *p) | ||
384 | { | ||
385 | fido_dev_t *dev; | ||
386 | |||
387 | set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len); | ||
388 | |||
389 | if ((dev = prepare_dev()) == NULL) { | ||
390 | return; | ||
391 | } | ||
392 | |||
393 | fido_dev_set_pin(dev, p->pin1, NULL); | ||
394 | fido_dev_close(dev); | ||
395 | fido_dev_free(&dev); | ||
396 | } | ||
397 | |||
398 | static void | ||
399 | dev_change_pin(struct param *p) | ||
400 | { | ||
401 | fido_dev_t *dev; | ||
402 | |||
403 | set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len); | ||
404 | |||
405 | if ((dev = prepare_dev()) == NULL) { | ||
406 | return; | ||
407 | } | ||
408 | |||
409 | fido_dev_set_pin(dev, p->pin2, p->pin1); | ||
410 | fido_dev_close(dev); | ||
411 | fido_dev_free(&dev); | ||
412 | } | ||
413 | |||
414 | static void | ||
415 | dev_get_retry_count(struct param *p) | ||
416 | { | ||
417 | fido_dev_t *dev; | ||
418 | int n; | ||
419 | |||
420 | set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len); | ||
421 | |||
422 | if ((dev = prepare_dev()) == NULL) { | ||
423 | return; | ||
424 | } | ||
425 | |||
426 | fido_dev_get_retry_count(dev, &n); | ||
427 | consume(&n, sizeof(n)); | ||
428 | fido_dev_close(dev); | ||
429 | fido_dev_free(&dev); | ||
430 | } | ||
431 | |||
432 | int | ||
433 | LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
434 | { | ||
435 | struct param p; | ||
436 | |||
437 | memset(&p, 0, sizeof(p)); | ||
438 | |||
439 | if (unpack(data, size, &p) < 0) | ||
440 | return (0); | ||
441 | |||
442 | srandom((unsigned int)p.seed); | ||
443 | |||
444 | fido_init(0); | ||
445 | |||
446 | dev_reset(&p); | ||
447 | dev_get_cbor_info(&p); | ||
448 | dev_set_pin(&p); | ||
449 | dev_change_pin(&p); | ||
450 | dev_get_retry_count(&p); | ||
451 | |||
452 | return (0); | ||
453 | } | ||
454 | |||
455 | static size_t | ||
456 | pack_dummy(uint8_t *ptr, size_t len) | ||
457 | { | ||
458 | struct param dummy; | ||
459 | uint8_t blob[16384]; | ||
460 | size_t blob_len; | ||
461 | |||
462 | memset(&dummy, 0, sizeof(dummy)); | ||
463 | |||
464 | strlcpy(dummy.pin1, dummy_pin1, sizeof(dummy.pin1)); | ||
465 | strlcpy(dummy.pin2, dummy_pin2, sizeof(dummy.pin2)); | ||
466 | |||
467 | dummy.reset_wire_data.len = sizeof(dummy_reset_wire_data); | ||
468 | dummy.info_wire_data.len = sizeof(dummy_info_wire_data); | ||
469 | dummy.set_pin_wire_data.len = sizeof(dummy_set_pin_wire_data); | ||
470 | dummy.change_pin_wire_data.len = sizeof(dummy_change_pin_wire_data); | ||
471 | dummy.retry_wire_data.len = sizeof(dummy_retry_wire_data); | ||
472 | |||
473 | memcpy(&dummy.reset_wire_data.body, &dummy_reset_wire_data, | ||
474 | dummy.reset_wire_data.len); | ||
475 | memcpy(&dummy.info_wire_data.body, &dummy_info_wire_data, | ||
476 | dummy.info_wire_data.len); | ||
477 | memcpy(&dummy.set_pin_wire_data.body, &dummy_set_pin_wire_data, | ||
478 | dummy.set_pin_wire_data.len); | ||
479 | memcpy(&dummy.change_pin_wire_data.body, &dummy_change_pin_wire_data, | ||
480 | dummy.change_pin_wire_data.len); | ||
481 | memcpy(&dummy.retry_wire_data.body, &dummy_retry_wire_data, | ||
482 | dummy.retry_wire_data.len); | ||
483 | |||
484 | blob_len = pack(blob, sizeof(blob), &dummy); | ||
485 | assert(blob_len != 0); | ||
486 | |||
487 | if (blob_len > len) { | ||
488 | memcpy(ptr, blob, len); | ||
489 | return (len); | ||
490 | } | ||
491 | |||
492 | memcpy(ptr, blob, blob_len); | ||
493 | |||
494 | return (blob_len); | ||
495 | } | ||
496 | |||
497 | size_t | ||
498 | LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, | ||
499 | unsigned int seed) | ||
500 | { | ||
501 | struct param p; | ||
502 | uint8_t blob[16384]; | ||
503 | size_t blob_len; | ||
504 | |||
505 | memset(&p, 0, sizeof(p)); | ||
506 | |||
507 | if (unpack(data, size, &p) < 0) | ||
508 | return (pack_dummy(data, maxsize)); | ||
509 | |||
510 | p.seed = (int)seed; | ||
511 | |||
512 | mutate_string(p.pin1); | ||
513 | mutate_string(p.pin2); | ||
514 | |||
515 | mutate_blob(&p.reset_wire_data); | ||
516 | mutate_blob(&p.info_wire_data); | ||
517 | mutate_blob(&p.set_pin_wire_data); | ||
518 | mutate_blob(&p.change_pin_wire_data); | ||
519 | mutate_blob(&p.retry_wire_data); | ||
520 | |||
521 | blob_len = pack(blob, sizeof(blob), &p); | ||
522 | |||
523 | if (blob_len == 0 || blob_len > maxsize) | ||
524 | return (0); | ||
525 | |||
526 | memcpy(data, blob, blob_len); | ||
527 | |||
528 | return (blob_len); | ||
529 | } | ||
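diff --git a/fuzz/harnesses/assert b/fuzz/harnesses/assert
new file mode 100755
index 0000000..55cd889
--- /dev/null
+++ b/fuzz/harnesses/assert
@@ -0,0 +1,32 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=assert
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../pubkey" | \
+tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/assert \
+${T}/pubkey nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac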
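Review bot: `sync` can report success with a missing or stale corpus: the script runs under `bash -u` only, so the status of the `ssh … | tar -C ${T} -xf-` pipeline is tar's alone, and a failing `mkdir ${T}` (directory left over from an earlier sync) is ignored, so new queue entries are unpacked on top of old ones. Because `run` then sends all output to `/dev/null` and ends with `exit 0`, an empty or outdated queue is indistinguishable from a clean replay. Adding `set -o pipefail` below the licence header and changing the first line of `sync` to `mkdir ${T} || exit 1` would make a failed transfer visible. The same `sync`/`run` skeleton repeats in the other harness scripts added by this commit, from assert-rsa-h-p through fuzz_mgmt.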
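diff --git a/fuzz/harnesses/assert-rsa-h-p b/fuzz/harnesses/assert-rsa-h-p
new file mode 100755
index 0000000..8eb9ea6
--- /dev/null
+++ b/fuzz/harnesses/assert-rsa-h-p
@@ -0,0 +1,33 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=assert-rsa-h-p
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../pubkey ../hmac-salt" | \
+tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/assert \
+-t rsa -h ${T}/hmac-out -s ${T}/hmac-salt \
+-p ${T}/pubkey nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac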
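diff --git a/fuzz/harnesses/assert-u2f b/fuzz/harnesses/assert-u2f
new file mode 100755
index 0000000..257d1d6
--- /dev/null
+++ b/fuzz/harnesses/assert-u2f
@@ -0,0 +1,32 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=assert-u2f
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../cred_id ../pubkey" | \
+tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/assert -up \
+-a ${T}/cred_id ${T}/pubkey nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac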
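diff --git a/fuzz/harnesses/cred b/fuzz/harnesses/cred
new file mode 100755
index 0000000..71ee845
--- /dev/null
+++ b/fuzz/harnesses/cred
@@ -0,0 +1,31 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=cred
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
+-k ${T}/pubkey -i ${T}/cred_id nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac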
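diff --git a/fuzz/harnesses/cred-rsa-h-p b/fuzz/harnesses/cred-rsa-h-p
new file mode 100755
index 0000000..bb14c23
--- /dev/null
+++ b/fuzz/harnesses/cred-rsa-h-p
@@ -0,0 +1,32 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=cred-rsa-h-p
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
+-t rsa -r -k ${T}/pubkey -i ${T}/cred_id -h nodev \
+2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac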
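diff --git a/fuzz/harnesses/cred-u2f b/fuzz/harnesses/cred-u2f
new file mode 100755
index 0000000..3af4393
--- /dev/null
+++ b/fuzz/harnesses/cred-u2f
@@ -0,0 +1,31 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=cred-u2f
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
+-k ${T}/pubkey -i ${T}/cred_id -u nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac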
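diff --git a/fuzz/harnesses/cred-u2f-exclude b/fuzz/harnesses/cred-u2f-exclude
new file mode 100755
index 0000000..3777134
--- /dev/null
+++ b/fuzz/harnesses/cred-u2f-exclude
@@ -0,0 +1,33 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=cred-u2f-exclude
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../excl_id" | \
+tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
+-k ${T}/pubkey -i ${T}/cred_id -e ${T}/excl_id \
+-u nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac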
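diff --git a/fuzz/harnesses/fido2-assert-G b/fuzz/harnesses/fido2-assert-G
new file mode 100755
index 0000000..6671449
--- /dev/null
+++ b/fuzz/harnesses/fido2-assert-G
@@ -0,0 +1,31 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fido2-assert-G
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-assert \
+-G -i - nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac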
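diff --git a/fuzz/harnesses/fido2-assert-V b/fuzz/harnesses/fido2-assert-V
new file mode 100755
index 0000000..898cb0f
--- /dev/null
+++ b/fuzz/harnesses/fido2-assert-V
@@ -0,0 +1,32 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fido2-assert-V
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../pubkey" | \
+tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-assert -V \
+pubkey es256 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac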
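Review bot: `run` passes the bare path `pubkey` to `fido2-assert -V`, while `sync` in this same script fetches `../pubkey` and unpacks it with `tar -C ${T}`, so the key presumably lands under `${T}` rather than in the working directory. The replay therefore verifies against whatever `pubkey` happens to be in the current directory, or fails to open it, and either outcome is hidden by `2>/dev/null 1>&2` and the unconditional `exit 0`. The sibling harnesses (assert, assert-u2f) pass `${T}/pubkey`; the argument line here should probably read `${T}/pubkey es256 2>/dev/null 1>&2`. If reading the key from the working directory is intended, a comment saying so would avoid the question.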
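diff --git a/fuzz/harnesses/fido2-cred-M b/fuzz/harnesses/fido2-cred-M
new file mode 100755
index 0000000..f82fbf7
--- /dev/null
+++ b/fuzz/harnesses/fido2-cred-M
@@ -0,0 +1,31 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fido2-cred-M
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-cred -M \
+-q -i - nodev 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac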
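diff --git a/fuzz/harnesses/fido2-cred-V b/fuzz/harnesses/fido2-cred-V
new file mode 100755
index 0000000..13a648f
--- /dev/null
+++ b/fuzz/harnesses/fido2-cred-V
@@ -0,0 +1,31 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fido2-cred-V
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
+}
+
+run() {
+find ${T}/queue -type f | while read f; do
+cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-cred -V \
+-o cred 2>/dev/null 1>&2
+done
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac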
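Review bot: `-o cred` in `run` names an output file in the current directory rather than under `${T}`, and `cred` is also the directory that the `fuzz/harnesses/cred` script in this commit creates with `mkdir ${T}` (`T=cred`). If both harnesses are driven from the same working directory, the output path would be an existing directory, so every replay would presumably fail at the write, and the redirect to `/dev/null` plus `exit 0` hides that. Writing to `-o ${T}/cred` would keep the side file with the rest of this harness's data and remove the name clash.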
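diff --git a/fuzz/harnesses/fuzz_assert b/fuzz/harnesses/fuzz_assert
new file mode 100755
index 0000000..6a0baa9
--- /dev/null
+++ b/fuzz/harnesses/fuzz_assert
@@ -0,0 +1,29 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fuzz_assert
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
+}
+
+run() {
+build/fuzz/fuzz_assert -max_len=17408 -runs=1 ${T}/corpus \
+2>/dev/null 1>&2
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac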
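diff --git a/fuzz/harnesses/fuzz_bio b/fuzz/harnesses/fuzz_bio
new file mode 100755
index 0000000..f4bab19
--- /dev/null
+++ b/fuzz/harnesses/fuzz_bio
@@ -0,0 +1,29 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fuzz_bio
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
+}
+
+run() {
+build/fuzz/fuzz_bio -max_len=17408 -runs=1 ${T}/corpus \
+2>/dev/null 1>&2
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac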
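diff --git a/fuzz/harnesses/fuzz_cred b/fuzz/harnesses/fuzz_cred
new file mode 100755
index 0000000..8dfb168
--- /dev/null
+++ b/fuzz/harnesses/fuzz_cred
@@ -0,0 +1,28 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fuzz_cred
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
+}
+
+run() {
+build/fuzz/fuzz_cred -max_len=17408 -runs=1 ${T}/corpus 2>/dev/null 1>&2
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac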
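diff --git a/fuzz/harnesses/fuzz_credman b/fuzz/harnesses/fuzz_credman
new file mode 100755
index 0000000..7721a58
--- /dev/null
+++ b/fuzz/harnesses/fuzz_credman
@@ -0,0 +1,28 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fuzz_credman
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
+}
+
+run() {
+build/fuzz/fuzz_credman -max_len=17408 -runs=1 ${T}/corpus 2>/dev/null 1>&2
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac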
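diff --git a/fuzz/harnesses/fuzz_mgmt b/fuzz/harnesses/fuzz_mgmt
new file mode 100755
index 0000000..9224eea
--- /dev/null
+++ b/fuzz/harnesses/fuzz_mgmt
@@ -0,0 +1,29 @@
+#!/bin/bash -u
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+T=fuzz_mgmt
+
+sync() {
+mkdir ${T}
+ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
+}
+
+run() {
+build/fuzz/fuzz_mgmt -max_len=17408 -runs=1 ${T}/corpus \
+2>/dev/null 1>&2
+}
+
+case "$1" in
+sync)
+sync
+;;
+run)
+run
+exit 0
+;;
+*)
+echo unknown command "$1"
+exit 1
+esac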
diff --git a/fuzz/mutator_aux.c b/fuzz/mutator_aux.c new file mode 100644 index 0000000..24aa716 --- /dev/null +++ b/fuzz/mutator_aux.c | |||
@@ -0,0 +1,314 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #include <assert.h> | ||
8 | #include <stddef.h> | ||
9 | #include <stdint.h> | ||
10 | #include <stdio.h> | ||
11 | #include <stdlib.h> | ||
12 | #include <string.h> | ||
13 | |||
14 | #include "mutator_aux.h" | ||
15 | |||
16 | size_t LLVMFuzzerMutate(uint8_t *, size_t, size_t); | ||
17 | |||
18 | static uint8_t *wire_data_ptr = NULL; | ||
19 | static size_t wire_data_len = 0; | ||
20 | |||
21 | size_t | ||
22 | xstrlen(const char *s) | ||
23 | { | ||
24 | if (s == NULL) | ||
25 | return (0); | ||
26 | |||
27 | return (strlen(s)); | ||
28 | } | ||
29 | |||
30 | void | ||
31 | consume(const void *body, size_t len) | ||
32 | { | ||
33 | const volatile uint8_t *ptr = body; | ||
34 | volatile uint8_t x = 0; | ||
35 | |||
36 | while (len--) | ||
37 | x ^= *ptr++; | ||
38 | } | ||
39 | |||
40 | int | ||
41 | unpack_int(uint8_t t, uint8_t **ptr, size_t *len, int *v) NO_MSAN | ||
42 | { | ||
43 | size_t l; | ||
44 | |||
45 | if (*len < sizeof(t) || **ptr != t) | ||
46 | return (-1); | ||
47 | |||
48 | *ptr += sizeof(t); | ||
49 | *len -= sizeof(t); | ||
50 | |||
51 | if (*len < sizeof(l)) | ||
52 | return (-1); | ||
53 | |||
54 | memcpy(&l, *ptr, sizeof(l)); | ||
55 | *ptr += sizeof(l); | ||
56 | *len -= sizeof(l); | ||
57 | |||
58 | if (l != sizeof(*v) || *len < l) | ||
59 | return (-1); | ||
60 | |||
61 | memcpy(v, *ptr, sizeof(*v)); | ||
62 | *ptr += sizeof(*v); | ||
63 | *len -= sizeof(*v); | ||
64 | |||
65 | return (0); | ||
66 | } | ||
67 | |||
68 | int | ||
69 | unpack_string(uint8_t t, uint8_t **ptr, size_t *len, char *v) NO_MSAN | ||
70 | { | ||
71 | size_t l; | ||
72 | |||
73 | if (*len < sizeof(t) || **ptr != t) | ||
74 | return (-1); | ||
75 | |||
76 | *ptr += sizeof(t); | ||
77 | *len -= sizeof(t); | ||
78 | |||
79 | if (*len < sizeof(l)) | ||
80 | return (-1); | ||
81 | |||
82 | memcpy(&l, *ptr, sizeof(l)); | ||
83 | *ptr += sizeof(l); | ||
84 | *len -= sizeof(l); | ||
85 | |||
86 | if (*len < l || l >= MAXSTR) | ||
87 | return (-1); | ||
88 | |||
89 | memcpy(v, *ptr, l); | ||
90 | v[l] = '\0'; | ||
91 | |||
92 | *ptr += l; | ||
93 | *len -= l; | ||
94 | |||
95 | return (0); | ||
96 | } | ||
97 | |||
98 | int | ||
99 | unpack_byte(uint8_t t, uint8_t **ptr, size_t *len, uint8_t *v) NO_MSAN | ||
100 | { | ||
101 | size_t l; | ||
102 | |||
103 | if (*len < sizeof(t) || **ptr != t) | ||
104 | return (-1); | ||
105 | |||
106 | *ptr += sizeof(t); | ||
107 | *len -= sizeof(t); | ||
108 | |||
109 | if (*len < sizeof(l)) | ||
110 | return (-1); | ||
111 | |||
112 | memcpy(&l, *ptr, sizeof(l)); | ||
113 | *ptr += sizeof(l); | ||
114 | *len -= sizeof(l); | ||
115 | |||
116 | if (l != sizeof(*v) || *len < l) | ||
117 | return (-1); | ||
118 | |||
119 | memcpy(v, *ptr, sizeof(*v)); | ||
120 | *ptr += sizeof(*v); | ||
121 | *len -= sizeof(*v); | ||
122 | |||
123 | return (0); | ||
124 | } | ||
125 | |||
126 | int | ||
127 | unpack_blob(uint8_t t, uint8_t **ptr, size_t *len, struct blob *v) NO_MSAN | ||
128 | { | ||
129 | size_t l; | ||
130 | |||
131 | v->len = 0; | ||
132 | |||
133 | if (*len < sizeof(t) || **ptr != t) | ||
134 | return (-1); | ||
135 | |||
136 | *ptr += sizeof(t); | ||
137 | *len -= sizeof(t); | ||
138 | |||
139 | if (*len < sizeof(l)) | ||
140 | return (-1); | ||
141 | |||
142 | memcpy(&l, *ptr, sizeof(l)); | ||
143 | *ptr += sizeof(l); | ||
144 | *len -= sizeof(l); | ||
145 | |||
146 | if (*len < l || l > sizeof(v->body)) | ||
147 | return (-1); | ||
148 | |||
149 | memcpy(v->body, *ptr, l); | ||
150 | *ptr += l; | ||
151 | *len -= l; | ||
152 | |||
153 | v->len = l; | ||
154 | |||
155 | return (0); | ||
156 | } | ||
157 | |||
158 | int | ||
159 | pack_int(uint8_t t, uint8_t **ptr, size_t *len, int v) NO_MSAN | ||
160 | { | ||
161 | const size_t l = sizeof(v); | ||
162 | |||
163 | if (*len < sizeof(t) + sizeof(l) + l) | ||
164 | return (-1); | ||
165 | |||
166 | (*ptr)[0] = t; | ||
167 | memcpy(&(*ptr)[sizeof(t)], &l, sizeof(l)); | ||
168 | memcpy(&(*ptr)[sizeof(t) + sizeof(l)], &v, l); | ||
169 | |||
170 | *ptr += sizeof(t) + sizeof(l) + l; | ||
171 | *len -= sizeof(t) + sizeof(l) + l; | ||
172 | |||
173 | return (0); | ||
174 | } | ||
175 | |||
176 | int | ||
177 | pack_string(uint8_t t, uint8_t **ptr, size_t *len, const char *v) NO_MSAN | ||
178 | { | ||
179 | const size_t l = strlen(v); | ||
180 | |||
181 | if (*len < sizeof(t) + sizeof(l) + l) | ||
182 | return (-1); | ||
183 | |||
184 | (*ptr)[0] = t; | ||
185 | memcpy(&(*ptr)[sizeof(t)], &l, sizeof(l)); | ||
186 | memcpy(&(*ptr)[sizeof(t) + sizeof(l)], v, l); | ||
187 | |||
188 | *ptr += sizeof(t) + sizeof(l) + l; | ||
189 | *len -= sizeof(t) + sizeof(l) + l; | ||
190 | |||
191 | return (0); | ||
192 | } | ||
193 | |||
194 | int | ||
195 | pack_byte(uint8_t t, uint8_t **ptr, size_t *len, uint8_t v) NO_MSAN | ||
196 | { | ||
197 | const size_t l = sizeof(v); | ||
198 | |||
199 | if (*len < sizeof(t) + sizeof(l) + l) | ||
200 | return (-1); | ||
201 | |||
202 | (*ptr)[0] = t; | ||
203 | memcpy(&(*ptr)[sizeof(t)], &l, sizeof(l)); | ||
204 | memcpy(&(*ptr)[sizeof(t) + sizeof(l)], &v, l); | ||
205 | |||
206 | *ptr += sizeof(t) + sizeof(l) + l; | ||
207 | *len -= sizeof(t) + sizeof(l) + l; | ||
208 | |||
209 | return (0); | ||
210 | } | ||
211 | |||
212 | int | ||
213 | pack_blob(uint8_t t, uint8_t **ptr, size_t *len, const struct blob *v) NO_MSAN | ||
214 | { | ||
215 | const size_t l = v->len; | ||
216 | |||
217 | if (*len < sizeof(t) + sizeof(l) + l) | ||
218 | return (-1); | ||
219 | |||
220 | (*ptr)[0] = t; | ||
221 | memcpy(&(*ptr)[sizeof(t)], &l, sizeof(l)); | ||
222 | memcpy(&(*ptr)[sizeof(t) + sizeof(l)], v->body, l); | ||
223 | |||
224 | *ptr += sizeof(t) + sizeof(l) + l; | ||
225 | *len -= sizeof(t) + sizeof(l) + l; | ||
226 | |||
227 | return (0); | ||
228 | } | ||
229 | |||
230 | void | ||
231 | mutate_byte(uint8_t *b) | ||
232 | { | ||
233 | LLVMFuzzerMutate(b, sizeof(*b), sizeof(*b)); | ||
234 | } | ||
235 | |||
236 | void | ||
237 | mutate_int(int *i) | ||
238 | { | ||
239 | LLVMFuzzerMutate((uint8_t *)i, sizeof(*i), sizeof(*i)); | ||
240 | } | ||
241 | |||
242 | void | ||
243 | mutate_blob(struct blob *blob) | ||
244 | { | ||
245 | blob->len = LLVMFuzzerMutate((uint8_t *)blob->body, blob->len, | ||
246 | sizeof(blob->body)); | ||
247 | } | ||
248 | |||
249 | void | ||
250 | mutate_string(char *s) | ||
251 | { | ||
252 | size_t n; | ||
253 | |||
254 | n = LLVMFuzzerMutate((uint8_t *)s, strlen(s), MAXSTR - 1); | ||
255 | s[n] = '\0'; | ||
256 | } | ||
257 | |||
258 | void * | ||
259 | dev_open(const char *path) | ||
260 | { | ||
261 | (void)path; | ||
262 | |||
263 | return ((void *)0xdeadbeef); | ||
264 | } | ||
265 | |||
266 | void | ||
267 | dev_close(void *handle) | ||
268 | { | ||
269 | assert(handle == (void *)0xdeadbeef); | ||
270 | } | ||
271 | |||
272 | int | ||
273 | dev_read(void *handle, unsigned char *ptr, size_t len, int ms) | ||
274 | { | ||
275 | size_t n; | ||
276 | |||
277 | (void)ms; | ||
278 | |||
279 | assert(handle == (void *)0xdeadbeef); | ||
280 | assert(len == 64); | ||
281 | |||
282 | if (wire_data_len < len) | ||
283 | n = wire_data_len; | ||
284 | else | ||
285 | n = len; | ||
286 | |||
287 | memcpy(ptr, wire_data_ptr, n); | ||
288 | |||
289 | wire_data_ptr += n; | ||
290 | wire_data_len -= n; | ||
291 | |||
292 | return ((int)n); | ||
293 | } | ||
294 | |||
295 | int | ||
296 | dev_write(void *handle, const unsigned char *ptr, size_t len) | ||
297 | { | ||
298 | assert(handle == (void *)0xdeadbeef); | ||
299 | assert(len == 64 + 1); | ||
300 | |||
301 | consume(ptr, len); | ||
302 | |||
303 | if (uniform_random(400) < 1) | ||
304 | return (-1); | ||
305 | |||
306 | return ((int)len); | ||
307 | } | ||
308 | |||
309 | void | ||
310 | set_wire_data(uint8_t *ptr, size_t len) | ||
311 | { | ||
312 | wire_data_ptr = ptr; | ||
313 | wire_data_len = len; | ||
314 | } | ||
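diff --git a/fuzz/mutator_aux.h b/fuzz/mutator_aux.h
new file mode 100644
index 0000000..687f130
--- /dev/null
+++ b/fuzz/mutator_aux.h
@@ -0,0 +1,65 @@
+/*
+* Copyright (c) 2019 Yubico AB. All rights reserved.
+* Use of this source code is governed by a BSD-style
+* license that can be found in the LICENSE file.
+*/
+
+#ifndef _MUTATOR_AUX_H
+#define _MUTATOR_AUX_H
+
+/*
+* As of LLVM 7.0.1, MSAN support in libFuzzer was still experimental.
+* We therefore have to be careful when using our custom mutator, or
+* MSAN will flag uninitialised reads on memory populated by libFuzzer.
+* Since there is no way to suppress MSAN without regenerating object
+* code (in which case you might as well rebuild libFuzzer with MSAN),
+* we adjust our mutator to make it less accurate while allowing
+* fuzzing to proceed.
+*/
+
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+# define NO_MSAN __attribute__((no_sanitize("memory")))
+# define WITH_MSAN 1
+# endif
+#endif
+
+#if !defined(WITH_MSAN)
+# define NO_MSAN
+#endif
+
+#define MAXSTR 1024
+#define MAXBLOB 3072
+
+struct blob {
+uint8_t body[MAXBLOB];
+size_t len;
+};
+
+size_t xstrlen(const char *);
+void consume(const void *, size_t);
+
+int unpack_blob(uint8_t, uint8_t **, size_t *, struct blob *);
+int unpack_byte(uint8_t, uint8_t **, size_t *, uint8_t *);
+int unpack_int(uint8_t, uint8_t **, size_t *, int *);
+int unpack_string(uint8_t, uint8_t **, size_t *, char *);
+
+int pack_blob(uint8_t, uint8_t **, size_t *, const struct blob *);
+int pack_byte(uint8_t, uint8_t **, size_t *, uint8_t);
+int pack_int(uint8_t, uint8_t **, size_t *, int);
+int pack_string(uint8_t, uint8_t **, size_t *, const char *);
+
+void mutate_byte(uint8_t *);
+void mutate_int(int *);
+void mutate_blob(struct blob *);
+void mutate_string(char *);
+
+void * dev_open(const char *);
+void dev_close(void *);
+void set_wire_data(uint8_t *, size_t);
+int dev_read(void *, unsigned char *, size_t, int);
+int dev_write(void *, const unsigned char *, size_t);
+
+uint32_t uniform_random(uint32_t);
+
+#endif /* !_MUTATOR_AUX_H */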
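Review bot: The prototypes for `unpack_string` and `mutate_string` take a bare `char *` with no stated capacity, although `mutate_string` in mutator_aux.c passes `MAXSTR - 1` as the maximum size to `LLVMFuzzerMutate` and then writes a terminator at `s[n]`. The string unpacker whose tail is visible at the top of this part of the page likewise appears to accept any length below MAXSTR before writing `v[l]`. A harness that passes a smaller buffer to either one overflows it, so I would state the contract next to the MAXSTR define, e.g. `/* string buffers passed to unpack_string() and mutate_string() must hold at least MAXSTR bytes */`. The header also uses `uint8_t`, `uint32_t` and `size_t` without including `<stdint.h>` and `<stddef.h>`, so it only compiles when the includer has already pulled those in.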
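diff --git a/fuzz/preload-fuzz.c b/fuzz/preload-fuzz.c
new file mode 100644
index 0000000..efcb8c6
--- /dev/null
+++ b/fuzz/preload-fuzz.c
@@ -0,0 +1,104 @@
+/*
+* Copyright (c) 2019 Yubico AB. All rights reserved.
+* Use of this source code is governed by a BSD-style
+* license that can be found in the LICENSE file.
+*/
+
+/*
+* cc -fPIC -D_GNU_SOURCE -shared -o preload-fuzz.so preload-fuzz.c
+* LD_PRELOAD=$(realpath preload-fuzz.so)
+*/
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <dlfcn.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define FUZZ_DEV_PREFIX "nodev"
+
+static int fd_fuzz = -1;
+static int (*open_f)(const char *, int, mode_t);
+static int (*close_f)(int);
+static ssize_t (*write_f)(int, const void *, size_t);
+
+int
+open(const char *path, int flags, ...)
+{
+va_list ap;
+mode_t mode;
+
+va_start(ap, flags);
+mode = va_arg(ap, mode_t);
+va_end(ap);
+
+if (open_f == NULL) {
+open_f = dlsym(RTLD_NEXT, "open");
+if (open_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EACCES;
+return (-1);
+}
+}
+
+if (strncmp(path, FUZZ_DEV_PREFIX, strlen(FUZZ_DEV_PREFIX)) != 0)
+return (open_f(path, flags, mode));
+
+if (fd_fuzz != -1) {
+warnx("%s: fd_fuzz != -1", __func__);
+errno = EACCES;
+return (-1);
+}
+
+if ((fd_fuzz = dup(STDIN_FILENO)) < 0) {
+warn("%s: dup", __func__);
+errno = EACCES;
+return (-1);
+}
+
+return (fd_fuzz);
+}
+
+int
+close(int fd)
+{
+if (close_f == NULL) {
+close_f = dlsym(RTLD_NEXT, "close");
+if (close_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EACCES;
+return (-1);
+}
+}
+
+if (fd == fd_fuzz)
+fd_fuzz = -1;
+
+return (close_f(fd));
+}
+
+ssize_t
+write(int fd, const void *buf, size_t nbytes)
+{
+if (write_f == NULL) {
+write_f = dlsym(RTLD_NEXT, "write");
+if (write_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EBADF;
+return (-1);
+}
+}
+
+if (fd != fd_fuzz)
+return (write_f(fd, buf, nbytes));
+
+return (nbytes);
+}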
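Review bot: `open()` reads `va_arg(ap, mode_t)` on every call, but callers pass a third argument only when `flags` contains `O_CREAT`, so an ordinary open reads an argument that was never supplied, which is undefined behaviour. Guard the read between `va_start` and `va_end`: `mode = (flags & O_CREAT) ? va_arg(ap, mode_t) : 0;`. The `open()` in preload-snoop.c has the same pattern. Separately, `path` goes straight into `strncmp`, so a NULL path faults inside the shim instead of failing in the real call.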
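diff --git a/fuzz/preload-snoop.c b/fuzz/preload-snoop.c
new file mode 100644
index 0000000..373acc5
--- /dev/null
+++ b/fuzz/preload-snoop.c
@@ -0,0 +1,217 @@
+/*
+* Copyright (c) 2019 Yubico AB. All rights reserved.
+* Use of this source code is governed by a BSD-style
+* license that can be found in the LICENSE file.
+*/
+
+/*
+* cc -fPIC -D_GNU_SOURCE -shared -o preload-snoop.so preload-snoop.c
+* LD_PRELOAD=$(realpath preload-snoop.so)
+*/
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <dlfcn.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define SNOOP_DEV_PREFIX "/dev/hidraw"
+
+struct fd_tuple {
+int snoop_in;
+int snoop_out;
+int real_dev;
+};
+
+static struct fd_tuple *fd_tuple;
+static int (*open_f)(const char *, int, mode_t);
+static int (*close_f)(int);
+static ssize_t (*read_f)(int, void *, size_t);
+static ssize_t (*write_f)(int, const void *, size_t);
+
+static int
+get_fd(const char *hid_path, const char *suffix)
+{
+char *s = NULL;
+char path[PATH_MAX];
+int fd;
+int r;
+
+if ((s = strdup(hid_path)) == NULL) {
+warnx("%s: strdup", __func__);
+return (-1);
+}
+
+for (size_t i = 0; i < strlen(s); i++)
+if (s[i] == '/')
+s[i] = '_';
+
+if ((r = snprintf(path, sizeof(path), "%s-%s", s, suffix)) < 0 ||
+(size_t)r >= sizeof(path)) {
+warnx("%s: snprintf", __func__);
+free(s);
+return (-1);
+}
+
+free(s);
+s = NULL;
+
+if ((fd = open_f(path, O_CREAT | O_WRONLY, 0644)) < 0) {
+warn("%s: open", __func__);
+return (-1);
+}
+
+return (fd);
+}
+
+int
+open(const char *path, int flags, ...)
+{
+va_list ap;
+mode_t mode;
+
+va_start(ap, flags);
+mode = va_arg(ap, mode_t);
+va_end(ap);
+
+if (open_f == NULL) {
+open_f = dlsym(RTLD_NEXT, "open");
+if (open_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EACCES;
+return (-1);
+}
+}
+
+if (strncmp(path, SNOOP_DEV_PREFIX, strlen(SNOOP_DEV_PREFIX)) != 0)
+return (open_f(path, flags, mode));
+
+if (fd_tuple != NULL) {
+warnx("%s: fd_tuple != NULL", __func__);
+errno = EACCES;
+return (-1);
+}
+
+if ((fd_tuple = calloc(1, sizeof(*fd_tuple))) == NULL) {
+warn("%s: calloc", __func__);
+errno = ENOMEM;
+return (-1);
+}
+
+fd_tuple->snoop_in = -1;
+fd_tuple->snoop_out = -1;
+fd_tuple->real_dev = -1;
+
+if ((fd_tuple->snoop_in = get_fd(path, "in")) < 0 ||
+(fd_tuple->snoop_out = get_fd(path, "out")) < 0 ||
+(fd_tuple->real_dev = open_f(path, flags, mode)) < 0) {
+warn("%s: get_fd/open", __func__);
+goto fail;
+}
+
+return (fd_tuple->real_dev);
+fail:
+if (fd_tuple->snoop_in != -1)
+close(fd_tuple->snoop_in);
+if (fd_tuple->snoop_out != -1)
+close(fd_tuple->snoop_out);
+if (fd_tuple->real_dev != -1)
+close(fd_tuple->real_dev);
+
+free(fd_tuple);
+fd_tuple = NULL;
+
+errno = EACCES;
+
+return (-1);
+}
+
+int
+close(int fd)
+{
+if (close_f == NULL) {
+close_f = dlsym(RTLD_NEXT, "close");
+if (close_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EBADF;
+return (-1);
+}
+}
+
+if (fd_tuple == NULL || fd_tuple->real_dev != fd)
+return (close_f(fd));
+
+close_f(fd_tuple->snoop_in);
+close_f(fd_tuple->snoop_out);
+close_f(fd_tuple->real_dev);
+
+free(fd_tuple);
+fd_tuple = NULL;
+
+return (0);
+}
+
+ssize_t
+read(int fd, void *buf, size_t nbytes)
+{
+ssize_t n;
+
+if (read_f == NULL) {
+read_f = dlsym(RTLD_NEXT, "read");
+if (read_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EBADF;
+return (-1);
+}
+}
+
+if (write_f == NULL) {
+write_f = dlsym(RTLD_NEXT, "write");
+if (write_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EBADF;
+return (-1);
+}
+}
+
+if (fd_tuple == NULL || fd_tuple->real_dev != fd)
+return (read_f(fd, buf, nbytes));
+
+if ((n = read_f(fd, buf, nbytes)) < 0 ||
+write_f(fd_tuple->snoop_in, buf, n) != n)
+return (-1);
+
+return (n);
+}
+
+ssize_t
+write(int fd, const void *buf, size_t nbytes)
+{
+ssize_t n;
+
+if (write_f == NULL) {
+write_f = dlsym(RTLD_NEXT, "write");
+if (write_f == NULL) {
+warnx("%s: dlsym", __func__);
+errno = EBADF;
+return (-1);
+}
+}
+
+if (fd_tuple == NULL || fd_tuple->real_dev != fd)
+return (write_f(fd, buf, nbytes));
+
+if ((n = write_f(fd, buf, nbytes)) < 0 ||
+write_f(fd_tuple->snoop_out, buf, n) != n)
+return (-1);
+
+return (n);
+}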
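Review bot: `get_fd()` creates the capture files with `O_CREAT | O_WRONLY` and mode `0644` under a relative name, so the recorded HID traffic of the authenticator is readable by other local users under a typical umask. The open also follows a symlink already present at that name and, lacking `O_TRUNC`, leaves the tail of an older, longer capture in the file. I would open them as `open_f(path, O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW, 0600)`. In `read()`, a failed or short write to `snoop_in` turns a successful device read into `-1` after the data has already been consumed; reporting it with `warn()` and still returning `n` would keep the traced program's view of the device intact.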
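diff --git a/fuzz/report b/fuzz/report
new file mode 100755
index 0000000..bebb0ca
--- /dev/null
+++ b/fuzz/report
@@ -0,0 +1,80 @@
+#!/bin/bash -e
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+#
+# XXX This should really be a Makefile.
+
+T=""
+#T+=" harnesses/assert"
+#T+=" harnesses/assert-rsa-h-p"
+#T+=" harnesses/assert-u2f"
+#T+=" harnesses/cred"
+#T+=" harnesses/cred-rsa-h-p"
+#T+=" harnesses/cred-u2f"
+#T+=" harnesses/cred-u2f-exclude"
+#T+=" harnesses/fido2-assert-G"
+#T+=" harnesses/fido2-assert-V"
+#T+=" harnesses/fido2-cred-M"
+#T+=" harnesses/fido2-cred-V"
+T+=" harnesses/fuzz_assert"
+T+=" harnesses/fuzz_bio"
+T+=" harnesses/fuzz_cred"
+T+=" harnesses/fuzz_credman"
+T+=" harnesses/fuzz_mgmt"
+
+clean() {
+echo cleaning
+rm -rf obj
+mkdir obj
+}
+
+build() {
+echo building
+mkdir obj/build
+(cd obj/build && cmake -DFUZZ=1 -DLIBFUZZER=1 -DCMAKE_C_COMPILER=clang \
+-DCOVERAGE=1 -DCMAKE_BUILD_TYPE=Debug ../../..) 2>/dev/null 1>&2
+make -C obj/build 2>/dev/null 1>&2
+cc -fPIC -D_GNU_SOURCE -shared -o obj/preload-fuzz.so preload-fuzz.c
+}
+
+sync() {
+if [ -n "${REMOTE}" ]; then
+for t in ${T}; do
+echo syncing ${t}
+(cd obj && REMOTE="${REMOTE}" ../${t} sync)
+done
+else
+tar -C obj -zxf corpus.tgz
+fi
+}
+
+run() {
+export LLVM_PROFILE_FILE="profraw/%h-%p.profraw"
+export PRELOAD=$(realpath obj/preload-fuzz.so)
+
+for t in ${T}; do
+echo running ${t}
+(cd obj && ../${t} run)
+done
+}
+
+merge() {
+echo merging
+(cd obj && \
+llvm-profdata merge -sparse profraw/*.profraw \
+-o libfido2.profdata &&
+llvm-cov show -format=html -tab-size=8 build/src/libfido2.so \
+-instr-profile=libfido2.profdata > report.html &&
+llvm-cov report -use-color=false build/src/libfido2.so \
+-instr-profile=libfido2.profdata > summary.txt &&
+llvm-cov report -use-color=false -show-functions \
+-instr-profile=libfido2.profdata build/src/libfido2.so \
+../../src/*.[ch] > functions.txt)
+}
+
+clean
+build
+sync
+run
+merge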
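Review bot: Every path in this script is relative to the current directory (`rm -rf obj` in `clean`, `preload-fuzz.c` in `build`, `corpus.tgz` in `sync`), so it only behaves correctly when started from `fuzz/`. Started from anywhere else, `clean` removes whatever `obj` directory happens to be there; adding `cd "$(dirname "$0")"` before the `clean` call at the bottom pins the working directory. `build` also sends all cmake and make output to `/dev/null`, so under `-e` a failed build ends the script with no diagnostic. Redirecting to a log instead, `> obj/build.log 2>&1`, keeps the run quiet without hiding the error.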
diff --git a/fuzz/summary.txt b/fuzz/summary.txt new file mode 100644 index 0000000..e494865 --- /dev/null +++ b/fuzz/summary.txt | |||
@@ -0,0 +1,39 @@ | |||
1 | Filename Regions Missed Regions Cover Functions Missed Functions Executed Lines Missed Lines Cover | ||
2 | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ||
3 | fuzz/uniform_random.c 7 1 85.71% 1 0 100.00% 23 1 95.65% | ||
4 | fuzz/wrap.c 4 0 100.00% 1 0 100.00% 7 0 100.00% | ||
5 | openbsd-compat/explicit_bzero.c 4 0 100.00% 1 0 100.00% 12 0 100.00% | ||
6 | openbsd-compat/recallocarray.c 41 7 82.93% 1 0 100.00% 49 7 85.71% | ||
7 | openbsd-compat/timingsafe_bcmp.c 4 0 100.00% 1 0 100.00% 8 0 100.00% | ||
8 | src/aes256.c 56 0 100.00% 2 0 100.00% 82 0 100.00% | ||
9 | src/assert.c 569 29 94.90% 53 1 98.11% 901 60 93.34% | ||
10 | src/authkey.c 45 0 100.00% 5 0 100.00% 75 0 100.00% | ||
11 | src/bio.c 422 21 95.02% 49 2 95.92% 661 25 96.22% | ||
12 | src/blob.c 39 1 97.44% 7 0 100.00% 73 4 94.52% | ||
13 | src/buf.c 8 1 87.50% 2 0 100.00% 20 1 95.00% | ||
14 | src/cbor.c 844 31 96.33% 51 1 98.04% 1319 47 96.44% | ||
15 | src/cred.c 532 35 93.42% 54 1 98.15% 850 55 93.53% | ||
16 | src/credman.c 381 18 95.28% 38 0 100.00% 589 15 97.45% | ||
17 | src/dev.c 131 22 83.21% 19 1 94.74% 183 30 83.61% | ||
18 | src/ecdh.c 68 0 100.00% 2 0 100.00% 104 0 100.00% | ||
19 | src/eddsa.c 54 4 92.59% 8 0 100.00% 79 2 97.47% | ||
20 | src/err.c 108 108 0.00% 1 1 0.00% 112 112 0.00% | ||
21 | src/es256.c 273 4 98.53% 16 0 100.00% 372 13 96.51% | ||
22 | src/hid.c 16 16 0.00% 8 8 0.00% 38 38 0.00% | ||
23 | src/hid_linux.c 166 166 0.00% 12 12 0.00% 287 287 0.00% | ||
24 | src/info.c 148 1 99.32% 31 0 100.00% 305 0 100.00% | ||
25 | src/io.c 113 6 94.69% 7 0 100.00% 201 13 93.53% | ||
26 | src/iso7816.c 18 1 94.44% 5 0 100.00% 47 0 100.00% | ||
27 | src/log.c 16 10 37.50% 3 1 66.67% 34 23 32.35% | ||
28 | src/pin.c 250 0 100.00% 16 0 100.00% 364 0 100.00% | ||
29 | src/reset.c 20 0 100.00% 3 0 100.00% 23 0 100.00% | ||
30 | src/rs256.c 102 6 94.12% 8 0 100.00% 140 9 93.57% | ||
31 | src/u2f.c 436 11 97.48% 13 0 100.00% 686 22 96.79% | ||
32 | |||
33 | Files which contain no functions: | ||
34 | src/extern.h 0 0 - 0 0 - 0 0 - | ||
35 | src/fido.h 0 0 - 0 0 - 0 0 - | ||
36 | src/fido/err.h 0 0 - 0 0 - 0 0 - | ||
37 | src/fido/param.h 0 0 - 0 0 - 0 0 - | ||
38 | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ||
39 | TOTAL 4875 499 89.76% 418 28 93.30% 7644 764 90.01% | ||
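diff --git a/fuzz/uniform_random.c b/fuzz/uniform_random.c
new file mode 100644
index 0000000..7711d69
--- /dev/null
+++ b/fuzz/uniform_random.c
@@ -0,0 +1,56 @@
+/*
+* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+
+uint32_t uniform_random(uint32_t);
+
+/*
+* Calculate a uniformly distributed random number less than upper_bound
+* avoiding "modulo bias".
+*
+* Uniformity is achieved by generating new random numbers until the one
+* returned is outside the range [0, 2**32 % upper_bound). This
+* guarantees the selected random number will be inside
+* [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+* after reduction modulo upper_bound.
+*/
+uint32_t
+uniform_random(uint32_t upper_bound)
+{
+uint32_t r, min;
+
+if (upper_bound < 2)
+return 0;
+
+/* 2**32 % x == (2**32 - x) % x */
+min = -upper_bound % upper_bound;
+
+/*
+* This could theoretically loop forever but each retry has
+* p > 0.5 (worst case, usually far better) of selecting a
+* number inside the range we need, so it should rarely need
+* to re-roll.
+*/
+for (;;) {
+r = (uint32_t)random();
+if (r >= min)
+break;
+}
+
+return r % upper_bound;
+}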
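Review bot: The header comment promises a uniform result, but the loop draws from `random()`, which returns only 31 bits (0 to 2^31-1), while `min` is still computed for a 32-bit source (`2**32 % upper_bound`). The rejection range therefore no longer lines up with the generator's range and a small modulo bias remains. That is harmless for the 1-in-400 fault injection this is used for, but the comment should say so, e.g. `/* NB: random() supplies 31 bits, so the result is only approximately uniform; for fault injection only, never for secrets. */`. Nothing visible in this file seeds the generator, so runs are presumably repeatable on purpose, and a line stating that would help as well.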
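diff --git a/fuzz/wrap.c b/fuzz/wrap.c
new file mode 100644
index 0000000..8ff7ee7
--- /dev/null
+++ b/fuzz/wrap.c
@@ -0,0 +1,419 @@
+/*
+* Copyright (c) 2019 Yubico AB. All rights reserved.
+* Use of this source code is governed by a BSD-style
+* license that can be found in the LICENSE file.
+*/
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#include <cbor.h>
+#include <fido.h>
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mutator_aux.h"
+
+/*
+* Build wrappers around functions of interest, and have them fail
+* in a pseudo-random manner.
+*/
+
+#define WRAP(type, name, args, retval, param, prob) \
+extern type __wrap_##name args; \
+extern type __real_##name args; \
+type __wrap_##name args { \
+if (uniform_random(400) < (prob)) { \
+return (retval); \
+} \
+\
+return (__real_##name param); \
+}
+
+WRAP(void *,
+malloc,
+(size_t size),
+NULL,
+(size),
+1
+)
+
+WRAP(void *,
+calloc,
+(size_t nmemb, size_t size),
+NULL,
+(nmemb, size),
+1
+)
+
+WRAP(char *,
+strdup,
+(const char *s),
+NULL,
+(s),
+1
+)
+
+WRAP(EVP_CIPHER_CTX *,
+EVP_CIPHER_CTX_new,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(int, EVP_EncryptInit_ex,
+(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl,
+const unsigned char *key, const unsigned char *iv),
+0,
+(ctx, type, impl, key, iv),
+1
+)
+
+WRAP(int,
+EVP_CIPHER_CTX_set_padding,
+(EVP_CIPHER_CTX *x, int padding),
+0,
+(x, padding),
+1
+)
+
+WRAP(int,
+EVP_EncryptUpdate,
+(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+const unsigned char *in, int inl),
+0,
+(ctx, out, outl, in, inl),
+1
+)
+
+WRAP(int,
+EVP_DecryptInit_ex,
+(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl,
+const unsigned char *key, const unsigned char *iv),
+0,
+(ctx, type, impl, key, iv),
+1
+)
+
+WRAP(int,
+EVP_DecryptUpdate,
+(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+const unsigned char *in, int inl),
+0,
+(ctx, out, outl, in, inl),
+1
+)
+
+WRAP(int,
+SHA256_Init,
+(SHA256_CTX *c),
+0,
+(c),
+1
+)
+
+WRAP(int,
+SHA256_Update,
+(SHA256_CTX *c, const void *data, size_t len),
+0,
+(c, data, len),
+1
+)
+
+WRAP(int,
+SHA256_Final,
+(unsigned char *md, SHA256_CTX *c),
+0,
+(md, c),
+1
+)
+
+WRAP(RSA *,
+EVP_PKEY_get0_RSA,
+(EVP_PKEY *pkey),
+NULL,
+(pkey),
+1
+)
+
+WRAP(EVP_MD_CTX *,
+EVP_MD_CTX_new,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(int,
+EVP_DigestVerifyInit,
+(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e,
+EVP_PKEY *pkey),
+0,
+(ctx, pctx, type, e, pkey),
+1
+)
+
+WRAP(BIGNUM *,
+BN_bin2bn,
+(const unsigned char *s, int len, BIGNUM *ret),
+NULL,
+(s, len, ret),
+1
+)
+
+WRAP(BIGNUM *,
+BN_CTX_get,
+(BN_CTX *ctx),
+NULL,
+(ctx),
+1
+)
+
+WRAP(BN_CTX *,
+BN_CTX_new,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(BIGNUM *,
+BN_new,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(int,
+RSA_set0_key,
+(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d),
+0,
+(r, n, e, d),
+1
+)
+
+WRAP(EC_KEY *,
+EC_KEY_new_by_curve_name,
+(int nid),
+NULL,
+(nid),
+1
+)
+
+WRAP(const EC_GROUP *,
+EC_KEY_get0_group,
+(const EC_KEY *key),
+NULL,
+(key),
+1
+)
+
+WRAP(EC_POINT *,
+EC_POINT_new,
+(const EC_GROUP *group),
+NULL,
+(group),
+1
+)
+
+WRAP(EVP_PKEY *,
+EVP_PKEY_new,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(int,
+EVP_PKEY_assign,
+(EVP_PKEY *pkey, int type, void *key),
+0,
+(pkey, type, key),
+1
+)
+
+WRAP(EVP_PKEY *,
+EVP_PKEY_new_raw_public_key,
+(int type, ENGINE *e, const unsigned char *key, size_t keylen),
+NULL,
+(type, e, key, keylen),
+1
+)
+
+WRAP(EVP_PKEY_CTX *,
+EVP_PKEY_CTX_new,
+(EVP_PKEY *pkey, ENGINE *e),
+NULL,
+(pkey, e),
+1
+)
+
+WRAP(int,
+EVP_PKEY_derive_init,
+(EVP_PKEY_CTX *ctx),
+0,
+(ctx),
+1
+)
+
+WRAP(int,
+EVP_PKEY_derive_set_peer,
+(EVP_PKEY_CTX *ctx, EVP_PKEY *peer),
+0,
+(ctx, peer),
+1
+)
+
+WRAP(const EVP_MD *,
+EVP_sha256,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(unsigned char *,
+HMAC,
+(const EVP_MD *evp_md, const void *key, int key_len,
+const unsigned char *d, int n, unsigned char *md,
+unsigned int *md_len),
+NULL,
+(evp_md, key, key_len, d, n, md, md_len),
+1
+)
+
+WRAP(HMAC_CTX *,
+HMAC_CTX_new,
+(void),
+NULL,
+(),
+1
+)
+
+WRAP(int,
+HMAC_Init_ex,
+(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md,
+ENGINE *impl),
+0,
+(ctx, key, key_len, md, impl),
+1
+)
+
+WRAP(int,
+HMAC_Update,
+(HMAC_CTX *ctx, const unsigned char *data, int len),
+0,
+(ctx, data, len),
+1
+)
+
+WRAP(int,
+HMAC_Final,
+(HMAC_CTX *ctx, unsigned char *md, unsigned int *len),
+0,
+(ctx, md, len),
+1
+)
+
+WRAP(unsigned char *,
+SHA256,
+(const unsigned char *d, size_t n, unsigned char *md),
+NULL,
+(d, n, md),
+1
+)
+
+WRAP(cbor_item_t *,
+cbor_build_string,
+(const char *val),
+NULL,
+(val),
+1
+)
+
+WRAP(cbor_item_t *,
+cbor_build_bytestring,
+(cbor_data handle, size_t length),
+NULL,
+(handle, length),
+1
+)
+
+WRAP(cbor_item_t *,
+cbor_load,
+(cbor_data source, size_t source_size, struct cbor_load_result *result),
+NULL,
+(source, source_size, result),
+1
+)
+
+WRAP(cbor_item_t *,
+cbor_build_uint8,
+(uint8_t value),
+NULL,
+(value),
+1
+)
+
+WRAP(struct cbor_pair *,
+cbor_map_handle,
+(const cbor_item_t *item),
+NULL,
+(item),
+1
+)
+
+WRAP(cbor_item_t **,
+cbor_array_handle,
+(const cbor_item_t *item),
+NULL,
+(item),
+1
+)
+
+WRAP(bool,
+cbor_map_add,
+(cbor_item_t *item, struct cbor_pair pair),
+false,
+(item, pair),
+1
+)
+
+WRAP(cbor_item_t *,
+cbor_new_definite_map,
+(size_t size),
+NULL,
+(size),
+1
+)
+
+WRAP(size_t,
+cbor_serialize_alloc,
+(const cbor_item_t *item, cbor_mutable_data *buffer,
+size_t *buffer_size),
+0,
+(item, buffer, buffer_size),
+1
+)
+
+WRAP(int,
+fido_tx,
+(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count),
+-1,
+(d, cmd, buf, count),
+1
+)
+
+WRAP(int,
+usleep,
+(unsigned int usec),
+-1,
+(usec),
+1
+)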
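Review bot: The `prob` parameter of `WRAP` is undocumented and is compared with a hard-coded `uniform_random(400)`, so each `1` in the invocations below means a failure rate of 1 in 400 without saying so; `dev_write()` in mutator_aux.c repeats the same literal. A named constant such as `#define FAIL_DENOM 400`, with a comment on the macro like `/* prob: injected failures per FAIL_DENOM calls */`, would make the rate readable and keep the two places in step. The injected failures of `malloc`, `calloc`, `strdup` and `usleep` also return without setting `errno`, unlike a real failure. If that is intentional, the block comment above the macro is the place to say it.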
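diff --git a/fuzz/wrapped.sym b/fuzz/wrapped.sym
new file mode 100644
index 0000000..3679f91
--- /dev/null
+++ b/fuzz/wrapped.sym
@@ -0,0 +1,47 @@
+BN_bin2bn
+BN_CTX_get
+BN_CTX_new
+BN_new
+calloc
+cbor_array_handle
+cbor_build_bytestring
+cbor_build_string
+cbor_build_uint8
+cbor_load
+cbor_map_add
+cbor_map_handle
+cbor_new_definite_map
+cbor_serialize_alloc
+EC_KEY_get0_group
+EC_KEY_new_by_curve_name
+EC_POINT_new
+EVP_CIPHER_CTX_new
+EVP_CIPHER_CTX_set_padding
+EVP_DecryptInit_ex
+EVP_DecryptUpdate
+EVP_DigestVerifyInit
+EVP_EncryptInit_ex
+EVP_EncryptUpdate
+EVP_MD_CTX_new
+EVP_PKEY_assign
+EVP_PKEY_CTX_new
+EVP_PKEY_derive_init
+EVP_PKEY_derive_set_peer
+EVP_PKEY_get0_RSA
+EVP_PKEY_new
+EVP_PKEY_new_raw_public_key
+EVP_sha256
+fido_tx
+HMAC
+HMAC_CTX_new
+HMAC_Final
+HMAC_Init_ex
+HMAC_Update
+malloc
+RSA_set0_key
+SHA256
+SHA256_Final
+SHA256_Init
+SHA256_Update
+strdup
+usleep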