summaryrefslogtreecommitdiff
path: root/fuzz/fuzz_mgmt.c
diff options
context:
space:
mode:
Diffstat (limited to 'fuzz/fuzz_mgmt.c')
-rw-r--r--fuzz/fuzz_mgmt.c529
1 files changed, 529 insertions, 0 deletions
diff --git a/fuzz/fuzz_mgmt.c b/fuzz/fuzz_mgmt.c
new file mode 100644
index 0000000..741b375
--- /dev/null
+++ b/fuzz/fuzz_mgmt.c
@@ -0,0 +1,529 @@
1/*
2 * Copyright (c) 2019 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
4 * license that can be found in the LICENSE file.
5 */
6
7#include <assert.h>
8#include <stdint.h>
9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
12
13#include "mutator_aux.h"
14#include "fido.h"
15
16#include "../openbsd-compat/openbsd-compat.h"
17
18#define TAG_PIN1 0x01
19#define TAG_PIN2 0x02
20#define TAG_RESET_WIRE_DATA 0x03
21#define TAG_INFO_WIRE_DATA 0x04
22#define TAG_SET_PIN_WIRE_DATA 0x05
23#define TAG_CHANGE_PIN_WIRE_DATA 0x06
24#define TAG_RETRY_WIRE_DATA 0x07
25#define TAG_SEED 0x08
26
27struct param {
28 char pin1[MAXSTR];
29 char pin2[MAXSTR];
30 struct blob reset_wire_data;
31 struct blob info_wire_data;
32 struct blob set_pin_wire_data;
33 struct blob change_pin_wire_data;
34 struct blob retry_wire_data;
35 int seed;
36};
37
38/* Example parameters. */
39static const char dummy_pin1[] = "skepp cg0u3;Y..";
40static const char dummy_pin2[] = "bastilha 6rJrfQZI.";
41
42static const uint8_t dummy_reset_wire_data[] = {
43 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x91,
44 0xef, 0xbe, 0x74, 0x39, 0x1a, 0x1c, 0x4a, 0x00,
45 0x22, 0x00, 0x01, 0x02, 0x05, 0x02, 0x01, 0x05,
46 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
47 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
48 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
49 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
50 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
51 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
52 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
53 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
54 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
55 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
56 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
57 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
60 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
64 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
65 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
66 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
67 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
73 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
75 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
76 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
78 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
80 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
81 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
82 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
83 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
84 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
85 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
89 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
91 0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x01,
92 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
93 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
98 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99 0x00, 0x22, 0x00, 0x01, 0x90, 0x00, 0x01, 0x00,
100 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
101 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
103 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
107};
108
109static const uint8_t dummy_info_wire_data[] = {
110 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80,
111 0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00,
112 0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05,
113 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
117 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00,
119 0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f,
120 0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f,
121 0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f,
122 0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45,
123 0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50,
124 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68,
125 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72,
126 0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03,
127 0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45,
128 0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc,
129 0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62,
130 0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74,
131 0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
132 0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65,
133 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d,
134 0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74,
135 0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5,
136 0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07,
137 0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63,
138 0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70,
139 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
140 0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c,
141 0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a,
142 0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62,
143 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00,
144 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
150};
151
152static const uint8_t dummy_set_pin_wire_data[] = {
153 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x59,
154 0x50, 0x8c, 0x27, 0x14, 0x83, 0x43, 0xd5, 0x00,
155 0x22, 0x00, 0x03, 0x02, 0x05, 0x02, 0x01, 0x05,
156 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
157 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
158 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
159 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
160 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
161 0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00,
162 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
163 0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
164 0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
165 0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
166 0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
167 0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
168 0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
169 0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60,
170 0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
171 0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
172 0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
174 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
175 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
177 0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x01, 0x00,
178 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
179 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
180 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
181 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
182 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
184 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
185};
186
187static const uint8_t dummy_change_pin_wire_data[] = {
188 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x48,
189 0xfd, 0xf9, 0xde, 0x28, 0x21, 0x99, 0xd5, 0x00,
190 0x22, 0x00, 0x04, 0x02, 0x05, 0x02, 0x01, 0x05,
191 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
192 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
194 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
195 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
196 0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
197 0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
198 0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
199 0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
200 0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
201 0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
202 0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
203 0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
204 0x00, 0x22, 0x00, 0x04, 0x00, 0x3f, 0xf1, 0x60,
205 0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
206 0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
207 0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
208 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
209 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
210 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
212 0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x01, 0x00,
213 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
214 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
215 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
216 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
217 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
218 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
219 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
220};
221
222static const uint8_t dummy_retry_wire_data[] = {
223 0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x7f,
224 0xaa, 0x73, 0x3e, 0x95, 0x98, 0xa8, 0x60, 0x00,
225 0x22, 0x00, 0x05, 0x02, 0x05, 0x02, 0x01, 0x05,
226 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
227 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
228 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
229 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
231 0x00, 0x22, 0x00, 0x05, 0x90, 0x00, 0x04, 0x00,
232 0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
233 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
234 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
235 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
236 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
237 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
238 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
239};
240
241int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
242size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int);
243
244static int
245unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
246{
247 uint8_t **pp = (void *)&ptr;
248
249 if (unpack_string(TAG_PIN1, pp, &len, p->pin1) < 0 ||
250 unpack_string(TAG_PIN2, pp, &len, p->pin2) < 0 ||
251 unpack_blob(TAG_RESET_WIRE_DATA, pp, &len, &p->reset_wire_data) < 0 ||
252 unpack_blob(TAG_INFO_WIRE_DATA, pp, &len, &p->info_wire_data) < 0 ||
253 unpack_blob(TAG_SET_PIN_WIRE_DATA, pp, &len, &p->set_pin_wire_data) < 0 ||
254 unpack_blob(TAG_CHANGE_PIN_WIRE_DATA, pp, &len, &p->change_pin_wire_data) < 0 ||
255 unpack_blob(TAG_RETRY_WIRE_DATA, pp, &len, &p->retry_wire_data) < 0 ||
256 unpack_int(TAG_SEED, pp, &len, &p->seed) < 0)
257 return (-1);
258
259 return (0);
260}
261
262static size_t
263pack(uint8_t *ptr, size_t len, const struct param *p)
264{
265 const size_t max = len;
266
267 if (pack_string(TAG_PIN1, &ptr, &len, p->pin1) < 0 ||
268 pack_string(TAG_PIN2, &ptr, &len, p->pin2) < 0 ||
269 pack_blob(TAG_RESET_WIRE_DATA, &ptr, &len, &p->reset_wire_data) < 0 ||
270 pack_blob(TAG_INFO_WIRE_DATA, &ptr, &len, &p->info_wire_data) < 0 ||
271 pack_blob(TAG_SET_PIN_WIRE_DATA, &ptr, &len, &p->set_pin_wire_data) < 0 ||
272 pack_blob(TAG_CHANGE_PIN_WIRE_DATA, &ptr, &len, &p->change_pin_wire_data) < 0 ||
273 pack_blob(TAG_RETRY_WIRE_DATA, &ptr, &len, &p->retry_wire_data) < 0 ||
274 pack_int(TAG_SEED, &ptr, &len, p->seed) < 0)
275 return (0);
276
277 return (max - len);
278}
279
280static fido_dev_t *
281prepare_dev()
282{
283 fido_dev_t *dev;
284 fido_dev_io_t io;
285
286 io.open = dev_open;
287 io.close = dev_close;
288 io.read = dev_read;
289 io.write = dev_write;
290
291 if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev,
292 &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) {
293 fido_dev_free(&dev);
294 return (NULL);
295 }
296
297 return (dev);
298}
299
300static void
301dev_reset(struct param *p)
302{
303 fido_dev_t *dev;
304
305 set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len);
306
307 if ((dev = prepare_dev()) == NULL) {
308 return;
309 }
310
311 fido_dev_reset(dev);
312 fido_dev_close(dev);
313 fido_dev_free(&dev);
314}
315
316static void
317dev_get_cbor_info(struct param *p)
318{
319 fido_dev_t *dev;
320 fido_cbor_info_t *ci;
321 uint64_t n;
322 uint8_t proto;
323 uint8_t major;
324 uint8_t minor;
325 uint8_t build;
326 uint8_t flags;
327
328 set_wire_data(p->info_wire_data.body, p->info_wire_data.len);
329
330 if ((dev = prepare_dev()) == NULL) {
331 return;
332 }
333
334 proto = fido_dev_protocol(dev);
335 major = fido_dev_major(dev);
336 minor = fido_dev_minor(dev);
337 build = fido_dev_build(dev);
338 flags = fido_dev_flags(dev);
339
340 consume(&proto, sizeof(proto));
341 consume(&major, sizeof(major));
342 consume(&minor, sizeof(minor));
343 consume(&build, sizeof(build));
344 consume(&flags, sizeof(flags));
345
346 if ((ci = fido_cbor_info_new()) == NULL) {
347 fido_dev_close(dev);
348 fido_dev_free(&dev);
349 return;
350 }
351
352 fido_dev_get_cbor_info(dev, ci);
353 fido_dev_close(dev);
354 fido_dev_free(&dev);
355
356 for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) {
357 char * const *sa = fido_cbor_info_versions_ptr(ci);
358 consume(sa[i], strlen(sa[i]));
359 }
360 for (size_t i = 0; i < fido_cbor_info_extensions_len(ci); i++) {
361 char * const *sa = fido_cbor_info_extensions_ptr(ci);
362 consume(sa[i], strlen(sa[i]));
363 }
364
365 for (size_t i = 0; i < fido_cbor_info_options_len(ci); i++) {
366 char * const *sa = fido_cbor_info_options_name_ptr(ci);
367 const bool *va = fido_cbor_info_options_value_ptr(ci);
368 consume(sa[i], strlen(sa[i]));
369 consume(&va[i], sizeof(va[i]));
370 }
371
372 n = fido_cbor_info_maxmsgsiz(ci);
373 consume(&n, sizeof(n));
374
375 consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));
376 consume(fido_cbor_info_protocols_ptr(ci),
377 fido_cbor_info_protocols_len(ci));
378
379 fido_cbor_info_free(&ci);
380}
381
382static void
383dev_set_pin(struct param *p)
384{
385 fido_dev_t *dev;
386
387 set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len);
388
389 if ((dev = prepare_dev()) == NULL) {
390 return;
391 }
392
393 fido_dev_set_pin(dev, p->pin1, NULL);
394 fido_dev_close(dev);
395 fido_dev_free(&dev);
396}
397
398static void
399dev_change_pin(struct param *p)
400{
401 fido_dev_t *dev;
402
403 set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len);
404
405 if ((dev = prepare_dev()) == NULL) {
406 return;
407 }
408
409 fido_dev_set_pin(dev, p->pin2, p->pin1);
410 fido_dev_close(dev);
411 fido_dev_free(&dev);
412}
413
414static void
415dev_get_retry_count(struct param *p)
416{
417 fido_dev_t *dev;
418 int n;
419
420 set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len);
421
422 if ((dev = prepare_dev()) == NULL) {
423 return;
424 }
425
426 fido_dev_get_retry_count(dev, &n);
427 consume(&n, sizeof(n));
428 fido_dev_close(dev);
429 fido_dev_free(&dev);
430}
431
432int
433LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
434{
435 struct param p;
436
437 memset(&p, 0, sizeof(p));
438
439 if (unpack(data, size, &p) < 0)
440 return (0);
441
442 srandom((unsigned int)p.seed);
443
444 fido_init(0);
445
446 dev_reset(&p);
447 dev_get_cbor_info(&p);
448 dev_set_pin(&p);
449 dev_change_pin(&p);
450 dev_get_retry_count(&p);
451
452 return (0);
453}
454
455static size_t
456pack_dummy(uint8_t *ptr, size_t len)
457{
458 struct param dummy;
459 uint8_t blob[16384];
460 size_t blob_len;
461
462 memset(&dummy, 0, sizeof(dummy));
463
464 strlcpy(dummy.pin1, dummy_pin1, sizeof(dummy.pin1));
465 strlcpy(dummy.pin2, dummy_pin2, sizeof(dummy.pin2));
466
467 dummy.reset_wire_data.len = sizeof(dummy_reset_wire_data);
468 dummy.info_wire_data.len = sizeof(dummy_info_wire_data);
469 dummy.set_pin_wire_data.len = sizeof(dummy_set_pin_wire_data);
470 dummy.change_pin_wire_data.len = sizeof(dummy_change_pin_wire_data);
471 dummy.retry_wire_data.len = sizeof(dummy_retry_wire_data);
472
473 memcpy(&dummy.reset_wire_data.body, &dummy_reset_wire_data,
474 dummy.reset_wire_data.len);
475 memcpy(&dummy.info_wire_data.body, &dummy_info_wire_data,
476 dummy.info_wire_data.len);
477 memcpy(&dummy.set_pin_wire_data.body, &dummy_set_pin_wire_data,
478 dummy.set_pin_wire_data.len);
479 memcpy(&dummy.change_pin_wire_data.body, &dummy_change_pin_wire_data,
480 dummy.change_pin_wire_data.len);
481 memcpy(&dummy.retry_wire_data.body, &dummy_retry_wire_data,
482 dummy.retry_wire_data.len);
483
484 blob_len = pack(blob, sizeof(blob), &dummy);
485 assert(blob_len != 0);
486
487 if (blob_len > len) {
488 memcpy(ptr, blob, len);
489 return (len);
490 }
491
492 memcpy(ptr, blob, blob_len);
493
494 return (blob_len);
495}
496
497size_t
498LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize,
499 unsigned int seed)
500{
501 struct param p;
502 uint8_t blob[16384];
503 size_t blob_len;
504
505 memset(&p, 0, sizeof(p));
506
507 if (unpack(data, size, &p) < 0)
508 return (pack_dummy(data, maxsize));
509
510 p.seed = (int)seed;
511
512 mutate_string(p.pin1);
513 mutate_string(p.pin2);
514
515 mutate_blob(&p.reset_wire_data);
516 mutate_blob(&p.info_wire_data);
517 mutate_blob(&p.set_pin_wire_data);
518 mutate_blob(&p.change_pin_wire_data);
519 mutate_blob(&p.retry_wire_data);
520
521 blob_len = pack(blob, sizeof(blob), &p);
522
523 if (blob_len == 0 || blob_len > maxsize)
524 return (0);
525
526 memcpy(data, blob, blob_len);
527
528 return (blob_len);
529}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-06 09:12:08 +0000