/libfido2/fuzz/mutator_aux.h
| Line | Count | Source | 
| 1 |  | /* | 
| 2 |  |  * Copyright (c) 2019-2022 Yubico AB. All rights reserved. | 
| 3 |  |  * Use of this source code is governed by a BSD-style | 
| 4 |  |  * license that can be found in the LICENSE file. | 
| 5 |  |  * SPDX-License-Identifier: BSD-2-Clause | 
| 6 |  |  */ | 
| 7 |  |  | 
| 8 |  | #ifndef _MUTATOR_AUX_H | 
| 9 |  | #define _MUTATOR_AUX_H | 
| 10 |  |  | 
| 11 |  | #include <sys/types.h> | 
| 12 |  |  | 
| 13 |  | #include <stddef.h> | 
| 14 |  | #include <stdint.h> | 
| 15 |  | #include <cbor.h> | 
| 16 |  |  | 
| 17 |  | #include "../src/fido.h" | 
| 18 |  | #include "../src/fido/bio.h" | 
| 19 |  | #include "../src/fido/config.h" | 
| 20 |  | #include "../src/fido/credman.h" | 
| 21 |  | #include "../src/fido/eddsa.h" | 
| 22 |  | #include "../src/fido/es256.h" | 
| 23 |  | #include "../src/fido/es384.h" | 
| 24 |  | #include "../src/fido/rs256.h" | 
| 25 |  | #include "../src/netlink.h" | 
| 26 |  |  | 
| 27 |  | /* | 
| 28 |  |  * As of LLVM 10.0.0, MSAN support in libFuzzer was still experimental. | 
| 29 |  |  * We therefore have to be careful when using our custom mutator, or | 
| 30 |  |  * MSAN will flag uninitialised reads on memory populated by libFuzzer. | 
| 31 |  |  * Since there is no way to suppress MSAN without regenerating object | 
| 32 |  |  * code (in which case you might as well rebuild libFuzzer with MSAN), | 
| 33 |  |  * we adjust our mutator to make it less accurate while allowing | 
| 34 |  |  * fuzzing to proceed. | 
| 35 |  |  */ | 
| 36 |  |  | 
| 37 |  | #if defined(__has_feature) | 
| 38 |  | # if  __has_feature(memory_sanitizer) | 
| 39 |  | #  include <sanitizer/msan_interface.h> | 
| 40 |  | #  define NO_MSAN       __attribute__((no_sanitize("memory"))) | 
| 41 |  | #  define WITH_MSAN     1 | 
| 42 |  | # endif | 
| 43 |  | #endif | 
| 44 |  |  | 
| 45 |  | #if !defined(WITH_MSAN) | 
| 46 |  | # define NO_MSAN | 
| 47 |  | #endif | 
| 48 |  |  | 
| 49 |  | #define MUTATE_SEED     0x01 /* MUTATE_* are distinct single-bit flags, so they can be OR-ed into one mask */ | 
| 50 |  | #define MUTATE_PARAM    0x02 | 
| 51 |  | #define MUTATE_WIREDATA 0x04 /* NOTE(review): presumably selects the simulated device traffic for mutation; confirm in the .c file */ | 
| 52 |  | #define MUTATE_ALL      (MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA) /* all three bits set (0x07) */ | 
| 53 |  |  | 
| 54 |  | #define MAXSTR          1024 /* NOTE(review): presumably the capacity callers must give the unsized char * of unpack_string() and mutate_string(); confirm */ | 
| 55 |  | #define MAXBLOB         3600 /* size in bytes of struct blob.body */ | 
| 56 |  | #define MAXCORPUS       8192 /* NOTE(review): looks like an upper bound on one packed corpus entry; confirm at the pack() call sites */ | 
| 57 |  |  | 
| 58 |  | #define HID_DEV_HANDLE  0x68696421 /* bytes 68 69 64 21 spell "hid!" in ASCII; NOTE(review): presumably a sentinel handle value, not a real pointer or descriptor -- confirm */ | 
| 59 | 2.10k | #define NFC_DEV_HANDLE  0x6e666321 /* bytes 6e 66 63 21 spell "nfc!" in ASCII */ | 
| 60 |  |  | 
| 61 |  | struct blob { /* fixed-capacity byte buffer paired with a length field */ | 
| 62 |  |         uint8_t body[MAXBLOB]; /* inline storage, MAXBLOB (3600) bytes */ | 
| 63 |  |         size_t len; /* NOTE(review): presumably the number of valid bytes in body; anything that sets it must keep len <= MAXBLOB or readers run past body -- confirm the writers enforce this */ | 
| 64 |  | }; | 
| 65 |  |  | 
| 66 |  | struct param; /* incomplete type in this header; NOTE(review): presumably each fuzz target supplies its own definition -- confirm */ | 
| 67 |  |  | 
| 68 |  | struct param *unpack(const uint8_t *, size_t); /* takes a read-only buffer and a size; NOTE(review): presumably returns NULL on malformed input and the caller owns the result -- confirm */ | 
| 69 |  | size_t pack(uint8_t *, size_t, const struct param *); /* returns size_t, so failure cannot be reported as a negative value; check how callers detect a short or failed pack */ | 
| 70 |  | size_t pack_dummy(uint8_t *, size_t); | 
| 71 |  | void mutate(struct param *, unsigned int, unsigned int); /* NOTE(review): the two unsigned ints are presumably a seed and a MUTATE_* mask -- confirm the order */ | 
| 72 |  | void test(const struct param *); /* receives the parameters read-only (const) */ | 
| 73 |  |  | 
| 74 |  | void consume(const void *, size_t); /* NOTE(review): presumably reads every byte of the buffer so sanitizers observe accesses to library output -- confirm */ | 
| 75 |  | void consume_str(const char *); /* string variant: no length argument, so the input is presumably expected to be NUL-terminated -- confirm */ | 
| 76 |  |  | 
| 77 |  | int unpack_blob(cbor_item_t *, struct blob *); /* unpack_*: CBOR item in, caller-provided out-parameter; NOTE(review): int result presumably 0 on success and -1 on failure -- confirm */ | 
| 78 |  | int unpack_byte(cbor_item_t *, uint8_t *); | 
| 79 |  | int unpack_int(cbor_item_t *, int *); | 
| 80 |  | int unpack_string(cbor_item_t *, char *); /* NOTE(review): the destination carries no size; the required capacity is implicit (presumably MAXSTR), so every caller must pass a buffer at least that large -- confirm the bound in the definition */ | 
| 81 |  |  | 
| 82 |  | cbor_item_t *pack_blob(const struct blob *); /* pack_*: value in, CBOR item out; NOTE(review): presumably NULL on allocation failure, with the caller holding the reference -- confirm */ | 
| 83 |  | cbor_item_t *pack_byte(uint8_t); | 
| 84 |  | cbor_item_t *pack_int(int); | 
| 85 |  | cbor_item_t *pack_string(const char *); | 
| 86 |  |  | 
| 87 |  | void mutate_byte(uint8_t *); /* mutate_*: modify the pointed-to value in place (non-const pointer, void return) */ | 
| 88 |  | void mutate_int(int *); | 
| 89 |  | void mutate_blob(struct blob *); /* NOTE(review): a mutation that grows the blob must keep len within MAXBLOB -- confirm in the definition */ | 
| 90 |  | void mutate_string(char *); /* NOTE(review): no capacity argument; presumably assumes a MAXSTR-byte buffer, as unpack_string() appears to -- confirm */ | 
| 91 |  |  | 
| 92 |  | ssize_t fd_read(int, void *, size_t); /* same parameter and return shape as read(2) */ | 
| 93 |  | ssize_t fd_write(int, const void *, size_t); /* same parameter and return shape as write(2) */ | 
| 94 |  |  | 
| 95 |  | int nfc_read(void *, unsigned char *, size_t, int); /* first argument is an untyped handle; NOTE(review): the trailing int is presumably a timeout -- confirm */ | 
| 96 |  | int nfc_write(void *, const unsigned char *, size_t); | 
| 97 |  |  | 
| 98 |  | fido_dev_t *open_dev(int); /* NOTE(review): the int presumably selects the transport (HID or NFC); check whether callers must test for NULL */ | 
| 99 |  | void set_wire_data(const uint8_t *, size_t); /* NOTE(review): presumably installs the bytes the simulated device will return; confirm whether the buffer is copied or only referenced */ | 
| 100 |  |  | 
| 101 |  | void fuzz_clock_reset(void); | 
| 102 |  | void prng_init(unsigned long); /* NOTE(review): argument is presumably the seed, which would make runs reproducible per input -- confirm */ | 
| 103 |  | unsigned long prng_uint32(void); /* returns unsigned long despite the name; do not assume the value fits in 32 bits without checking the definition */ | 
| 104 |  |  | 
| 105 |  | uint32_t uniform_random(uint32_t); /* NOTE(review): presumably returns a value below the argument, in the manner of arc4random_uniform(3) -- confirm */ | 
| 106 |  |  | 
| 107 |  | void set_pcsc_parameters(const struct blob *); /* takes the blob read-only (const) */ | 
| 108 |  | void set_pcsc_io_functions(int (*)(void *, u_char *, size_t, int), /* read callback: same shape as nfc_read, given u_char is unsigned char */ | 
| 109 |  |     int (*)(void *, const u_char *, size_t), void (*)(const void *, size_t)); /* write callback matches nfc_write, third callback matches consume; NOTE(review): check whether NULL callbacks are tolerated */ | 
| 110 |  |  | 
| 111 |  | #endif /* !_MUTATOR_AUX_H */ |