fuzzing_common.c (5038B)
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */ 2 /* See LICENSE for licensing information */ 3 #define CRYPTO_ED25519_PRIVATE 4 #define CONFIG_PRIVATE 5 #include "orconfig.h" 6 #include "core/or/or.h" 7 #include "app/main/subsysmgr.h" 8 #include "lib/err/backtrace.h" 9 #include "app/config/config.h" 10 #include "test/fuzz/fuzzing.h" 11 #include "lib/compress/compress.h" 12 #include "lib/crypt_ops/crypto_ed25519.h" 13 #include "lib/crypt_ops/crypto_init.h" 14 #include "lib/version/torversion.h" 15 16 static or_options_t *mock_options = NULL; 17 static const or_options_t * 18 mock_get_options(void) 19 { 20 return mock_options; 21 } 22 23 static int 24 mock_crypto_pk_public_checksig__nocheck(const crypto_pk_t *env, char *to, 25 size_t tolen, 26 const char *from, size_t fromlen) 27 { 28 tor_assert(env && to && from); 29 (void)fromlen; 30 /* We could look at from[0..fromlen-1] ... */ 31 tor_assert(tolen >= crypto_pk_keysize(env)); 32 size_t siglen = MIN(20, crypto_pk_keysize(env)); 33 memset(to, 0x01, siglen); 34 return (int)siglen; 35 } 36 37 static int 38 mock_crypto_pk_public_checksig_digest__nocheck(crypto_pk_t *env, 39 const char *data, 40 size_t datalen, 41 const char *sig, 42 size_t siglen) 43 { 44 tor_assert(env && data && sig); 45 (void)datalen; 46 (void)siglen; 47 /* We could look at data[..] and sig[..] */ 48 return 0; 49 } 50 51 static int 52 mock_ed25519_checksig__nocheck(const ed25519_signature_t *signature, 53 const uint8_t *msg, size_t len, 54 const ed25519_public_key_t *pubkey) 55 { 56 tor_assert(signature && msg && pubkey); 57 /* We could look at msg[0..len-1] ... */ 58 (void)len; 59 return 0; 60 } 61 62 static int 63 mock_ed25519_checksig_batch__nocheck(int *okay_out, 64 const ed25519_checkable_t *checkable, 65 int n_checkable) 66 { 67 tor_assert(checkable); 68 int i; 69 for (i = 0; i < n_checkable; ++i) { 70 /* We could look at messages and signatures XXX */ 71 tor_assert(checkable[i].pubkey); 72 tor_assert(checkable[i].msg); 73 if (okay_out) 74 okay_out[i] = 1; 75 } 76 return 0; 77 } 78 79 static int 80 mock_ed25519_impl_spot_check__nocheck(void) 81 { 82 return 0; 83 } 84 85 void 86 disable_signature_checking(void) 87 { 88 MOCK(crypto_pk_public_checksig, 89 mock_crypto_pk_public_checksig__nocheck); 90 MOCK(crypto_pk_public_checksig_digest, 91 mock_crypto_pk_public_checksig_digest__nocheck); 92 MOCK(ed25519_checksig, mock_ed25519_checksig__nocheck); 93 MOCK(ed25519_checksig_batch, mock_ed25519_checksig_batch__nocheck); 94 MOCK(ed25519_impl_spot_check, mock_ed25519_impl_spot_check__nocheck); 95 } 96 97 static void 98 global_init(void) 99 { 100 subsystems_init_upto(SUBSYS_LEVEL_LIBS); 101 flush_log_messages_from_startup(); 102 103 tor_compress_init(); 104 105 if (crypto_global_init(0, NULL, NULL) < 0) 106 abort(); 107 108 { 109 struct sipkey sipkey = { 1337, 7331 }; 110 siphash_unset_global_key(); 111 siphash_set_global_key(&sipkey); 112 } 113 114 /* set up the options. */ 115 mock_options = options_new(); 116 MOCK(get_options, mock_get_options); 117 118 /* Make BUG() and nonfatal asserts crash */ 119 tor_set_failed_assertion_callback(abort); 120 121 /* Make protocol warnings handled correctly. */ 122 init_protocol_warning_severity_level(); 123 } 124 125 #ifdef LLVM_FUZZ 126 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); 127 int 128 LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 129 { 130 static int initialized = 0; 131 if (!initialized) { 132 global_init(); 133 if (fuzz_init() < 0) 134 abort(); 135 initialized = 1; 136 } 137 138 return fuzz_main(Data, Size); 139 } 140 141 #else /* !defined(LLVM_FUZZ) */ 142 143 int 144 main(int argc, char **argv) 145 { 146 size_t size; 147 148 global_init(); 149 150 /* Disable logging by default to speed up fuzzing. */ 151 int loglevel = LOG_ERR; 152 153 for (int i = 1; i < argc; ++i) { 154 if (!strcmp(argv[i], "--warn")) { 155 loglevel = LOG_WARN; 156 } else if (!strcmp(argv[i], "--notice")) { 157 loglevel = LOG_NOTICE; 158 } else if (!strcmp(argv[i], "--info")) { 159 loglevel = LOG_INFO; 160 } else if (!strcmp(argv[i], "--debug")) { 161 loglevel = LOG_DEBUG; 162 } 163 } 164 165 { 166 log_severity_list_t s; 167 memset(&s, 0, sizeof(s)); 168 set_log_severity_config(loglevel, LOG_ERR, &s); 169 /* ALWAYS log bug warnings. */ 170 s.masks[SEVERITY_MASK_IDX(LOG_WARN)] |= LD_BUG; 171 add_stream_log(&s, "", fileno(stdout)); 172 } 173 174 if (fuzz_init() < 0) 175 abort(); 176 177 #ifdef __AFL_HAVE_MANUAL_CONTROL 178 /* Tell AFL to pause and fork here - ignored if not using AFL */ 179 __AFL_INIT(); 180 #endif 181 182 #define MAX_FUZZ_SIZE (128*1024) 183 char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size); 184 tor_assert(input); 185 char *raw = tor_memdup(input, size); /* Because input is nul-terminated */ 186 tor_free(input); 187 fuzz_main((const uint8_t*)raw, size); 188 tor_free(raw); 189 190 if (fuzz_cleanup() < 0) 191 abort(); 192 193 or_options_free(mock_options); 194 UNMOCK(get_options); 195 return 0; 196 } 197 198 #endif /* defined(LLVM_FUZZ) */