fuzz_hsdescv3_middle.c (3229B)
/* Copyright (c) 2017-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/*
 * Fuzz harness for the "middle" (superencrypted) layer of a v3 onion
 * service descriptor.
 *
 * fuzz_main() hands the raw fuzzer input to desc_decode_superencrypted_v3()
 * by way of a mocked desc_decrypt_superencrypted(), so the bytes are treated
 * as if they were already-decrypted plaintext.
 *
 * Security note: fuzz_init() calls disable_signature_checking() and installs
 * a cross-certificate check that always returns 0. That is what lets
 * unauthenticated input reach the decoder; these mocks belong in fuzz
 * builds only.
 */

#define HS_DESCRIPTOR_PRIVATE

#include "core/or/or.h"
#include "trunnel/ed25519_cert.h" /* Trunnel interface. */
#include "lib/crypt_ops/crypto_ed25519.h"
#include "feature/hs/hs_descriptor.h"
#include "feature/dirparse/unparseable.h"

#include "test/fuzz/fuzzing.h"

/** Replacement for dump_desc() that ignores both arguments and does
 * nothing. */
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
  (void)type;
  (void)desc;
}

/** Replacement for rsa_ed25519_crosscert_check() that inspects none of its
 * arguments and unconditionally returns 0.
 *
 * NOTE(review): 0 is presumably the "certificate is valid" result; confirm
 * against the real function. */
static int
mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
                                 const size_t crosscert_len,
                                 const crypto_pk_t *rsa_id_key,
                                 const ed25519_public_key_t *master_key,
                                 const time_t reject_if_expired_before)
{
  (void) reject_if_expired_before;
  (void) master_key;
  (void) rsa_id_key;
  (void) crosscert_len;
  (void) crosscert;
  return 0;
}

/** Replacement for decrypt_desc_layer() that performs no cryptography.
 *
 * Selects the blob for the requested layer from <b>desc</b>, skips
 * HS_DESC_ENCRYPTED_SALT_LEN leading bytes, drops DIGEST256_LEN bytes of
 * overhead from the length, and stores a NUL-terminated copy of what
 * remains in *<b>decrypted_out</b>. <b>descriptor_cookie</b> is unused.
 *
 * Returns the strlen() of the copy. Returns 0 when the blob is shorter than
 * the combined overhead (leaving *<b>decrypted_out</b> untouched) or when
 * the copy is an empty string (in which case the copy is released with
 * tor_free()). */
static size_t
mock_decrypt_desc_layer(const hs_descriptor_t *desc,
                        const uint8_t *descriptor_cookie,
                        bool is_superencrypted_layer,
                        char **decrypted_out)
{
  const uint8_t *blob;
  size_t blob_len;

  (void)descriptor_cookie;

  if (is_superencrypted_layer) {
    blob = desc->plaintext_data.superencrypted_blob;
    blob_len = desc->plaintext_data.superencrypted_blob_size;
  } else {
    blob = desc->superencrypted_data.encrypted_blob;
    blob_len = desc->superencrypted_data.encrypted_blob_size;
  }

  /* Bytes that are not payload: the salt plus one 256-bit digest. */
  const size_t framing_len = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;

  /* Checked before the subtraction below so the size_t cannot wrap. */
  if (blob_len < framing_len) {
    return 0;
  }

  *decrypted_out = tor_memdup_nulterm(blob + HS_DESC_ENCRYPTED_SALT_LEN,
                                      blob_len - framing_len);

  /* The reported length stops at the first NUL in the copy. */
  const size_t text_len = strlen(*decrypted_out);
  if (text_len == 0) {
    tor_free(*decrypted_out);
    return 0;
  }
  return text_len;
}

/* Current fuzzer input, as set by fuzz_main(). The pointer is borrowed from
 * the caller of fuzz_main(), not copied, and is not cleared afterwards. */
static const uint8_t *decrypted_data = NULL;
static size_t decrypted_len = 0;

/** Replacement for desc_decrypt_superencrypted() that ignores <b>desc</b>
 * and stores a NUL-terminated copy of the current fuzzer input in
 * *<b>decrypted_out</b>.
 *
 * Returns decrypted_len unchanged. Unlike mock_decrypt_desc_layer(), the
 * returned length is not cut at the first NUL byte, and a zero-length input
 * returns 0 while *<b>decrypted_out</b> has still been assigned.
 *
 * NOTE(review): confirm the caller releases *decrypted_out on a 0 return. */
static size_t
mock_desc_decrypt_superencrypted(const hs_descriptor_t *desc,
                                 char **decrypted_out)
{
  (void)desc;

  char *copy = (char*)tor_memdup_nulterm(decrypted_data, decrypted_len);
  *decrypted_out = copy;
  return decrypted_len;
}

/** One-time setup for the fuzzer: disables signature checking, installs the
 * four mocks defined in this file, and calls ed25519_init().
 * Always returns 0. */
int
fuzz_init(void)
{
  /* Verification is switched off first, then the mocks are installed. */
  disable_signature_checking();

  MOCK(dump_desc, mock_dump_desc__nodump);
  MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
  MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
  MOCK(desc_decrypt_superencrypted, mock_desc_decrypt_superencrypted);

  ed25519_init();
  return 0;
}

/** Teardown hook; there is nothing to release. Always returns 0. */
int
fuzz_cleanup(void)
{
  return 0;
}

/** Run one fuzz iteration over the <b>sz</b> bytes at <b>data</b>.
 *
 * Publishes the input through decrypted_data/decrypted_len, decodes it with
 * desc_decode_superencrypted_v3() into freshly zeroed structures, logs the
 * outcome at debug level, and frees both structures. Always returns 0,
 * whether or not decoding succeeded. */
int
fuzz_main(const uint8_t *data, size_t sz)
{
  /* Make the input visible to mock_desc_decrypt_superencrypted(). */
  decrypted_len = sz;
  decrypted_data = data;

  hs_descriptor_t *desc = tor_malloc_zero(sizeof(hs_descriptor_t));
  hs_desc_superencrypted_data_t *output = tor_malloc_zero(sizeof(*output));

  const hs_desc_decode_status_t status =
    desc_decode_superencrypted_v3(desc, output);

  if (status != HS_DESC_DECODE_OK) {
    log_debug(LD_GENERAL, "Decoding failed");
  } else {
    log_debug(LD_GENERAL, "Decoding okay");
  }

  /* Both objects are freed on every path. */
  hs_descriptor_free(desc);
  hs_desc_superencrypted_data_free(output);
  return 0;
}