fuzz_hsdescv3_inner.c (3360B)
1 /* Copyright (c) 2017-2021, The Tor Project, Inc. */ 2 /* See LICENSE for licensing information */ 3 4 #define HS_DESCRIPTOR_PRIVATE 5 6 #include "core/or/or.h" 7 #include "trunnel/ed25519_cert.h" /* Trunnel interface. */ 8 #include "lib/crypt_ops/crypto_ed25519.h" 9 #include "feature/hs/hs_descriptor.h" 10 #include "feature/dirparse/unparseable.h" 11 12 #include "test/fuzz/fuzzing.h" 13 14 static void 15 mock_dump_desc__nodump(const char *desc, const char *type) 16 { 17 (void)desc; 18 (void)type; 19 } 20 21 static int 22 mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert, 23 const size_t crosscert_len, 24 const crypto_pk_t *rsa_id_key, 25 const ed25519_public_key_t *master_key, 26 const time_t reject_if_expired_before) 27 { 28 (void) crosscert; 29 (void) crosscert_len; 30 (void) rsa_id_key; 31 (void) master_key; 32 (void) reject_if_expired_before; 33 return 0; 34 } 35 36 static size_t 37 mock_decrypt_desc_layer(const hs_descriptor_t *desc, 38 const uint8_t *descriptor_cookie, 39 bool is_superencrypted_layer, 40 char **decrypted_out) 41 { 42 (void)is_superencrypted_layer; 43 (void)desc; 44 (void)descriptor_cookie; 45 const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN; 46 const uint8_t *encrypted_blob = (is_superencrypted_layer) 47 ? desc->plaintext_data.superencrypted_blob 48 : desc->superencrypted_data.encrypted_blob; 49 size_t encrypted_blob_size = (is_superencrypted_layer) 50 ? desc->plaintext_data.superencrypted_blob_size 51 : desc->superencrypted_data.encrypted_blob_size; 52 53 if (encrypted_blob_size < overhead) 54 return 0; 55 *decrypted_out = tor_memdup_nulterm( 56 encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN, 57 encrypted_blob_size - overhead); 58 size_t result = strlen(*decrypted_out); 59 if (result) { 60 return result; 61 } else { 62 tor_free(*decrypted_out); 63 return 0; 64 } 65 } 66 67 static const uint8_t *decrypted_data = NULL; 68 static size_t decrypted_len = 0; 69 static size_t 70 mock_desc_decrypt_encrypted(const hs_descriptor_t *desc, 71 const curve25519_secret_key_t *client_auth_sk, 72 char **decrypted_out) 73 { 74 (void)desc; 75 (void)client_auth_sk; 76 *decrypted_out = (char*)tor_memdup_nulterm(decrypted_data, decrypted_len); 77 return decrypted_len; 78 } 79 80 int 81 fuzz_init(void) 82 { 83 disable_signature_checking(); 84 MOCK(dump_desc, mock_dump_desc__nodump); 85 MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check); 86 MOCK(decrypt_desc_layer, mock_decrypt_desc_layer); 87 MOCK(desc_decrypt_encrypted, mock_desc_decrypt_encrypted); 88 ed25519_init(); 89 return 0; 90 } 91 92 int 93 fuzz_cleanup(void) 94 { 95 return 0; 96 } 97 98 int 99 fuzz_main(const uint8_t *data, size_t sz) 100 { 101 decrypted_data = data; 102 decrypted_len = sz; 103 104 hs_descriptor_t *desc = tor_malloc_zero(sizeof(hs_descriptor_t)); 105 hs_desc_encrypted_data_t *output = tor_malloc_zero(sizeof(*output)); 106 curve25519_secret_key_t *client_auth_sk = NULL; 107 hs_desc_decode_status_t status; 108 109 status = desc_decode_encrypted_v3(desc, client_auth_sk, output); 110 if (status == HS_DESC_DECODE_OK) { 111 log_debug(LD_GENERAL, "Decoding okay"); 112 } else { 113 log_debug(LD_GENERAL, "Decoding failed"); 114 } 115 116 hs_descriptor_free(desc); 117 hs_desc_encrypted_data_free(output); 118 return 0; 119 }