path: root/src/test/fuzz/fuzzing_common.c
/* Copyright (c) 2016-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CRYPTO_ED25519_PRIVATE
#include "orconfig.h"
#include "core/or/or.h"
#include "app/main/subsysmgr.h"
#include "lib/err/backtrace.h"
#include "app/config/config.h"
#include "test/fuzz/fuzzing.h"
#include "lib/compress/compress.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/crypt_ops/crypto_init.h"
#include "lib/version/torversion.h"

/** Options object served to the code under test.  It is allocated in
 * global_init() and released at the end of the standalone main(). */
static or_options_t *mock_options = NULL;

/** Stand-in for get_options(): return the harness-owned mock_options
 * pointer rather than a configuration parsed from a torrc. */
static const or_options_t *
mock_get_options(void)
{
  const or_options_t *current = mock_options;
  return current;
}

/** Fuzzing-only replacement for crypto_pk_public_checksig().
 *
 * No verification is performed and the bytes in from are never read.
 * Instead the first min(20, key size of env) bytes of to are filled with
 * 0x01 and that length is returned.  Asserts that all pointers are non-NULL
 * and that tolen is at least the key size of env.
 *
 * NOTE(review): 20 presumably matches the digest length that callers expect
 * to recover from a signature -- confirm. */
static int
mock_crypto_pk_public_checksig__nocheck(const crypto_pk_t *env, char *to,
                                        size_t tolen,
                                        const char *from, size_t fromlen)
{
  /* The "signature" is accepted unread, so its length does not matter. */
  (void)fromlen;
  tor_assert(env && to && from);
  /* Same output-buffer precondition that is asserted before any write. */
  tor_assert(tolen >= crypto_pk_keysize(env));

  size_t fake_len = MIN(20, crypto_pk_keysize(env));
  memset(to, 0x01, fake_len);
  return (int)fake_len;
}

/** Fuzzing-only replacement for crypto_pk_public_checksig_digest().
 *
 * Asserts that env, data and sig are non-NULL, ignores both lengths, never
 * reads data[..] or sig[..], and unconditionally returns 0.
 *
 * NOTE(review): 0 is presumably the real function's "signature matches"
 * value, which would make every signature look valid -- confirm. */
static int
mock_crypto_pk_public_checksig_digest__nocheck(crypto_pk_t *env,
                                               const char *data,
                                               size_t datalen,
                                               const char *sig,
                                               size_t siglen)
{
  (void)siglen;
  (void)datalen;
  tor_assert(env && data && sig);
  return 0;
}

/** Fuzzing-only replacement for ed25519_checksig().
 *
 * Asserts that signature, msg and pubkey are non-NULL, then returns 0
 * without looking at msg[0..len-1] or at the signature bytes.
 *
 * NOTE(review): 0 is presumably the real function's success value --
 * confirm. */
static int
mock_ed25519_checksig__nocheck(const ed25519_signature_t *signature,
                      const uint8_t *msg, size_t len,
                      const ed25519_public_key_t *pubkey)
{
  /* The message is never hashed, so its length is unused. */
  (void)len;
  tor_assert(signature && msg && pubkey);
  return 0;
}

/** Fuzzing-only replacement for ed25519_checksig_batch().
 *
 * For each of the n_checkable entries, asserts that the entry has a public
 * key and a message, and -- when okay_out is non-NULL -- stores 1 in the
 * matching okay_out slot.  No message or signature is examined.  Always
 * returns 0.
 *
 * Note that checkable must be non-NULL even when n_checkable is 0. */
static int
mock_ed25519_checksig_batch__nocheck(int *okay_out,
                                     const ed25519_checkable_t *checkable,
                                     int n_checkable)
{
  tor_assert(checkable);

  for (int i = 0; i < n_checkable; ++i) {
    /* Only the shape of the entry is checked, never its contents. */
    tor_assert(checkable[i].pubkey);
    tor_assert(checkable[i].msg);
    if (okay_out != NULL) {
      okay_out[i] = 1;
    }
  }

  return 0;
}

/** Fuzzing-only replacement for ed25519_impl_spot_check(): performs no
 * self-test and always returns 0. */
static int
mock_ed25519_impl_spot_check__nocheck(void)
{
  const int result = 0;
  return result;
}

/** Install the *__nocheck mocks defined in this file in place of the RSA
 * and Ed25519 signature-verification entry points.
 *
 * After this call the mocked functions no longer inspect message or
 * signature bytes, so input carrying an arbitrary "signature" gets past
 * the verification step and the fuzzer can reach whatever code runs after
 * it.
 *
 * This removes a security control and belongs only in fuzzing/test
 * binaries.  A crash found with checking disabled is reachable in a real
 * build only by input that also passes the genuine signature check, which
 * is worth keeping in mind when triaging findings.
 *
 * NOTE(review): MOCK() is defined elsewhere; presumably it redirects calls
 * to its first argument to the function named in the second -- confirm. */
void
disable_signature_checking(void)
{
  /* RSA: raw check-and-recover, and the digest-comparing variant. */
  MOCK(crypto_pk_public_checksig,
       mock_crypto_pk_public_checksig__nocheck);
  MOCK(crypto_pk_public_checksig_digest,
       mock_crypto_pk_public_checksig_digest__nocheck);
  /* Ed25519: single check, batch check, and the implementation spot
   * check. */
  MOCK(ed25519_checksig, mock_ed25519_checksig__nocheck);
  MOCK(ed25519_checksig_batch, mock_ed25519_checksig_batch__nocheck);
  MOCK(ed25519_impl_spot_check, mock_ed25519_impl_spot_check__nocheck);
}

/** Process-wide setup used by both harness entry points (the libFuzzer
 * callback and the standalone main()).
 *
 * Initializes subsystems up to SUBSYS_LEVEL_LIBS, compression and crypto,
 * installs a fixed siphash key, points get_options() at a freshly created
 * mock options object, and makes failed non-fatal assertions abort.  Aborts
 * the process if crypto initialization fails. */
static void
global_init(void)
{
  subsystems_init_upto(SUBSYS_LEVEL_LIBS);
  flush_log_messages_from_startup();

  tor_compress_init();

  /* There is nothing useful to fuzz without working crypto: fail hard. */
  if (crypto_global_init(0, NULL, NULL) < 0)
    abort();

  {
    /* Drop whatever siphash key is currently set and install a constant
     * one.
     * NOTE(review): presumably this keeps keyed hashing identical from run
     * to run so that a crashing input reproduces -- confirm.  A hard-coded
     * key is acceptable only because this is a test harness. */
    struct sipkey sipkey = { 1337, 7331 };
    siphash_unset_global_key();
    siphash_set_global_key(&sipkey);
  }

  /* set up the options. */
  mock_options = options_new();
  MOCK(get_options, mock_get_options);

  /* Make BUG() and nonfatal asserts crash, so that the fuzzer records them
   * as findings instead of letting execution continue. */
  tor_set_failed_assertion_callback(abort);

  /* Make protocol warnings handled correctly. */
  init_protocol_warning_severity_level();
}

#ifdef LLVM_FUZZ
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);

/** libFuzzer entry point: called once per generated input.
 *
 * The first call runs global_init() and the target's fuzz_init(), aborting
 * if fuzz_init() reports failure; later calls skip straight to the target.
 * Data and Size are handed to fuzz_main() unchanged and its return value is
 * passed back to the caller.
 *
 * Note that fuzz_cleanup() is never invoked on this path. */
int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
  /* Persists across calls so that setup happens exactly once. */
  static int setup_done = 0;

  if (setup_done)
    return fuzz_main(Data, Size);

  global_init();
  if (fuzz_init() < 0)
    abort();
  setup_done = 1;

  return fuzz_main(Data, Size);
}

#else /* !(defined(LLVM_FUZZ)) */

/** Standalone harness entry point (used when not built for libFuzzer):
 * run the fuzz target once on the bytes read from standard input.
 *
 * Recognized arguments are --warn, --notice, --info and --debug, which
 * select the log level; when several are given the last one wins, and any
 * other argument is silently ignored.  At most MAX_FUZZ_SIZE bytes of
 * input are requested.
 *
 * Returns 0 on completion.  The process aborts if fuzz_init() or
 * fuzz_cleanup() reports failure, or if reading the input fails. */
int
main(int argc, char **argv)
{
  size_t size;

  global_init();

  /* Disable logging by default to speed up fuzzing. */
  int loglevel = LOG_ERR;

  for (int i = 1; i < argc; ++i) {
    if (!strcmp(argv[i], "--warn")) {
      loglevel = LOG_WARN;
    } else if (!strcmp(argv[i], "--notice")) {
      loglevel = LOG_NOTICE;
    } else if (!strcmp(argv[i], "--info")) {
      loglevel = LOG_INFO;
    } else if (!strcmp(argv[i], "--debug")) {
      loglevel = LOG_DEBUG;
    }
  }

  {
    /* Log everything from the chosen level up to LOG_ERR on stdout. */
    log_severity_list_t s;
    memset(&s, 0, sizeof(s));
    set_log_severity_config(loglevel, LOG_ERR, &s);
    /* ALWAYS log bug warnings, even when the chosen level would hide
     * them. */
    s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
    add_stream_log(&s, "", fileno(stdout));
  }

  if (fuzz_init() < 0)
    abort();

#ifdef __AFL_HAVE_MANUAL_CONTROL
  /* Tell AFL to pause and fork here - ignored if not using AFL.
   * This sits after all initialization and before the input is read, so
   * the setup above is done before the fork point. */
  __AFL_INIT();
#endif

#define MAX_FUZZ_SIZE (128*1024)
  /* Read the test case from file descriptor 0 (standard input). */
  char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
  tor_assert(input);
  /* input is nul-terminated, so copy exactly size bytes into a separate
   * allocation and give the target that copy instead.
   * NOTE(review): presumably the point is that the target then sees a
   * buffer with no terminator after the data, so a read one past the end
   * is out of bounds and visible to a memory-error detector -- confirm. */
  char *raw = tor_memdup(input, size);
  tor_free(input);
  fuzz_main((const uint8_t*)raw, size);
  tor_free(raw);

  if (fuzz_cleanup() < 0)
    abort();

  /* NOTE(review): the object from options_new() is released with a plain
   * tor_free(); if it owns nested allocations they are not released here.
   * Confirm whether a dedicated options destructor should be used. */
  tor_free(mock_options);
  UNMOCK(get_options);
  return 0;
}

#endif /* defined(LLVM_FUZZ) */