tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE

fuzz_hsdescv3.c (2765B)

      1 /* Copyright (c) 2017-2021, The Tor Project, Inc. */
      2 /* See LICENSE for licensing information */
      3 
      4 #define HS_DESCRIPTOR_PRIVATE
      5 
      6 #include "core/or/or.h"
      7 #include "trunnel/ed25519_cert.h" /* Trunnel interface. */
      8 #include "lib/crypt_ops/crypto_ed25519.h"
      9 #include "feature/hs/hs_descriptor.h"
     10 #include "feature/dirparse/unparseable.h"
     11 
     12 #include "test/fuzz/fuzzing.h"
     13 
     14 static void
     15 mock_dump_desc__nodump(const char *desc, const char *type)
     16 {
     17  (void)desc;
     18  (void)type;
     19 }
     20 
     21 static int
     22 mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
     23                                 const size_t crosscert_len,
     24                                 const crypto_pk_t *rsa_id_key,
     25                                 const ed25519_public_key_t *master_key,
     26                                 const time_t reject_if_expired_before)
     27 {
     28  (void) crosscert;
     29  (void) crosscert_len;
     30  (void) rsa_id_key;
     31  (void) master_key;
     32  (void) reject_if_expired_before;
     33  return 0;
     34 }
     35 
     36 static size_t
     37 mock_decrypt_desc_layer(const hs_descriptor_t *desc,
     38                        const uint8_t *descriptor_cookie,
     39                        bool is_superencrypted_layer,
     40                        char **decrypted_out)
     41 {
     42  (void)is_superencrypted_layer;
     43  (void)desc;
     44  (void)descriptor_cookie;
     45  const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
     46  const uint8_t *encrypted_blob = (is_superencrypted_layer)
     47    ? desc->plaintext_data.superencrypted_blob
     48    : desc->superencrypted_data.encrypted_blob;
     49  size_t encrypted_blob_size = (is_superencrypted_layer)
     50    ? desc->plaintext_data.superencrypted_blob_size
     51    : desc->superencrypted_data.encrypted_blob_size;
     52 
     53  if (encrypted_blob_size < overhead)
     54    return 0;
     55  *decrypted_out = tor_memdup_nulterm(
     56                   encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
     57                   encrypted_blob_size - overhead);
     58  size_t result = strlen(*decrypted_out);
     59  if (result) {
     60    return result;
     61  } else {
     62    tor_free(*decrypted_out);
     63    return 0;
     64  }
     65 }
     66 
     67 int
     68 fuzz_init(void)
     69 {
     70  disable_signature_checking();
     71  MOCK(dump_desc, mock_dump_desc__nodump);
     72  MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
     73  MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
     74  ed25519_init();
     75  return 0;
     76 }
     77 
     78 int
     79 fuzz_cleanup(void)
     80 {
     81  return 0;
     82 }
     83 
     84 int
     85 fuzz_main(const uint8_t *data, size_t sz)
     86 {
     87  hs_descriptor_t *desc = NULL;
     88  hs_subcredential_t subcredential;
     89 
     90  char *fuzzing_data = tor_memdup_nulterm(data, sz);
     91  memset(&subcredential, 'A', sizeof(subcredential));
     92 
     93  hs_desc_decode_descriptor(fuzzing_data, &subcredential, NULL, &desc);
     94  if (desc) {
     95    log_debug(LD_GENERAL, "Decoding okay");
     96    hs_descriptor_free(desc);
     97  } else {
     98    log_debug(LD_GENERAL, "Decoding failed");
     99  }
    100 
    101  tor_free(fuzzing_data);
    102  return 0;
    103 }