/libfido2/fuzz/mutator_aux.h
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2019-2022 Yubico AB. All rights reserved. |
3 | | * Use of this source code is governed by a BSD-style |
4 | | * license that can be found in the LICENSE file. |
5 | | */ |
6 | | |
7 | | #ifndef _MUTATOR_AUX_H |
8 | | #define _MUTATOR_AUX_H |
9 | | |
10 | | #include <sys/types.h> |
11 | | |
12 | | #include <stddef.h> |
13 | | #include <stdint.h> |
14 | | #include <cbor.h> |
15 | | |
16 | | #include "../src/fido.h" |
17 | | #include "../src/fido/bio.h" |
18 | | #include "../src/fido/config.h" |
19 | | #include "../src/fido/credman.h" |
20 | | #include "../src/fido/eddsa.h" |
21 | | #include "../src/fido/es256.h" |
22 | | #include "../src/fido/es384.h" |
23 | | #include "../src/fido/rs256.h" |
24 | | #include "../src/netlink.h" |
25 | | |
26 | | /* |
27 | | * As of LLVM 10.0.0, MSAN support in libFuzzer was still experimental. |
28 | | * We therefore have to be careful when using our custom mutator, or |
29 | | * MSAN will flag uninitialised reads on memory populated by libFuzzer. |
30 | | * Since there is no way to suppress MSAN without regenerating object |
31 | | * code (in which case you might as well rebuild libFuzzer with MSAN), |
32 | | * we adjust our mutator to make it less accurate while allowing |
33 | | * fuzzing to proceed. |
34 | | */ |
35 | | |
/*
 * MemorySanitizer detection. __has_feature is tested with defined() first,
 * so a preprocessor that lacks it skips the nested #if instead of trying to
 * evaluate it.
 *
 * In an MSAN build this pulls in the MSAN interface header, defines
 * WITH_MSAN to 1, and makes NO_MSAN expand to the attribute that turns off
 * MSAN instrumentation for the function it annotates.
 *
 * NOTE(review): a function tagged NO_MSAN gets no uninitialised-read
 * checking at all. Keep the annotation on mutator code only, never on the
 * library code being fuzzed.
 */
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
#  include <sanitizer/msan_interface.h>
#  define NO_MSAN __attribute__((no_sanitize("memory")))
#  define WITH_MSAN 1
# endif
#endif

/* Outside MSAN builds NO_MSAN expands to nothing, so the annotation is inert. */
#if !defined(WITH_MSAN)
# define NO_MSAN
#endif
47 | | |
/*
 * Bit flags, one bit each; MUTATE_ALL is the OR of the three.
 * NOTE(review): presumably passed as the flags argument of mutate() to
 * select which parts of an input are mutated -- confirm against the callers.
 */
#define MUTATE_SEED 0x01
#define MUTATE_PARAM 0x02
#define MUTATE_WIREDATA 0x04
#define MUTATE_ALL (MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA)
52 | | |
/*
 * Fixed size limits. MAXBLOB is the capacity of the body array in
 * struct blob.
 * NOTE(review): MAXSTR is presumably the capacity of every char buffer
 * handed to unpack_string() and mutate_string(), neither of which takes a
 * length argument; MAXCORPUS presumably bounds one packed corpus entry.
 * Confirm both in the implementation before relying on them.
 */
#define MAXSTR 1024
#define MAXBLOB 3600
#define MAXCORPUS 8192
56 | | |
/*
 * Device handle constants; the byte values spell "hid!" and "nfc!" in ASCII.
 * NOTE(review): presumably sentinel handles that the harness I/O callbacks
 * compare against rather than dereference -- confirm.
 * The coverage listing this header was taken from reports a count of 1.65k
 * on the NFC_DEV_HANDLE line.
 */
#define HID_DEV_HANDLE 0x68696421
#define NFC_DEV_HANDLE 0x6e666321
59 | | |
/*
 * Fixed-capacity byte buffer with MAXBLOB bytes of inline storage.
 * NOTE(review): nothing in this header enforces len <= MAXBLOB, so each
 * producer (unpack_blob(), mutate_blob()) has to keep that invariant itself
 * -- confirm in the implementation.
 */
struct blob {
	uint8_t body[MAXBLOB];	/* inline storage */
	size_t len;		/* presumably number of bytes in use -- TODO confirm */
};
64 | | |
/*
 * struct param is only forward-declared here, so its layout stays private
 * to whichever file defines it.
 * NOTE(review): presumably every fuzz target supplies its own struct param
 * together with the five functions below -- confirm.
 */
struct param;

/*
 * unpack() takes a byte buffer plus its length and returns a struct param
 * pointer; pack() and pack_dummy() take an output buffer plus a size and
 * return a size_t.
 * NOTE(review): failure values (NULL, 0) and ownership of the pointer
 * returned by unpack() are not visible in this header -- confirm.
 * NOTE(review): the two unsigned int arguments of mutate() are presumably a
 * seed and a MUTATE_* flag mask -- confirm.
 */
struct param *unpack(const uint8_t *, size_t);
size_t pack(uint8_t *, size_t, const struct param *);
size_t pack_dummy(uint8_t *, size_t);
void mutate(struct param *, unsigned int, unsigned int);
void test(const struct param *);
72 | | |
/*
 * Read-only sinks for a buffer with an explicit length and for a C string.
 * NOTE(review): presumably they touch every byte so that the sanitizers
 * observe a read of whatever the library returned -- confirm.
 */
void consume(const void *, size_t);
void consume_str(const char *);
75 | | |
/*
 * Decode one CBOR item into a C value through the output pointer.
 * NOTE(review): the meaning of the int return value (presumably 0 on
 * success, negative on failure) is not visible here -- confirm.
 * NOTE(review): unpack_string() receives no destination capacity, so the
 * caller's buffer size is a convention (presumably MAXSTR). The bound has to
 * be enforced inside the implementation; confirm it rejects or truncates
 * longer CBOR strings.
 */
int unpack_blob(cbor_item_t *, struct blob *);
int unpack_byte(cbor_item_t *, uint8_t *);
int unpack_int(cbor_item_t *, int *);
int unpack_string(cbor_item_t *, char *);
80 | | |
/*
 * Encode one C value as a CBOR item and return a pointer to it.
 * NOTE(review): whether NULL signals failure, and who releases the returned
 * item, cannot be told from this header -- confirm.
 */
cbor_item_t *pack_blob(const struct blob *);
cbor_item_t *pack_byte(uint8_t);
cbor_item_t *pack_int(int);
cbor_item_t *pack_string(const char *);
85 | | |
/*
 * Per-type mutators; each one works through the pointer it is given.
 * NOTE(review): mutate_string() takes no capacity, so it presumably assumes
 * a MAXSTR-sized buffer and must keep the result NUL-terminated within it
 * -- confirm.
 */
void mutate_byte(uint8_t *);
void mutate_int(int *);
void mutate_blob(struct blob *);
void mutate_string(char *);
90 | | |
/*
 * File-descriptor-shaped I/O hooks: an int, a buffer and a size, returning
 * ssize_t.
 * NOTE(review): presumably served from the buffer installed with
 * set_wire_data() rather than from a real descriptor -- confirm.
 */
ssize_t fd_read(int, void *, size_t);
ssize_t fd_write(int, const void *, size_t);

/*
 * NFC-shaped I/O hooks taking an opaque handle. Their parameter lists have
 * the same shape as the first two callbacks accepted by
 * set_pcsc_io_functions().
 * NOTE(review): the trailing int of nfc_read() is presumably a timeout in
 * milliseconds -- confirm.
 */
int nfc_read(void *, unsigned char *, size_t, int);
int nfc_write(void *, const unsigned char *, size_t);
96 | | |
/*
 * open_dev() returns a fido_dev_t pointer; set_wire_data() takes a byte
 * buffer and its length.
 * NOTE(review): the int argument of open_dev() presumably selects the
 * transport (HID or NFC), and set_wire_data() presumably installs the bytes
 * that the read hooks will replay. Whether the buffer is copied or only
 * referenced is not visible here -- confirm before freeing it in a caller.
 */
fido_dev_t *open_dev(int);
void set_wire_data(const uint8_t *, size_t);
99 | | |
/*
 * Clock and pseudo-random helpers for the harness.
 * prng_uint32() is declared to return unsigned long, not uint32_t, despite
 * its name.
 * NOTE(review): presumably a seeded, deterministic generator so that a given
 * input reproduces the same mutations, and not meant as a source of
 * cryptographic randomness -- confirm.
 */
void fuzz_clock_reset(void);
void prng_init(unsigned long);
unsigned long prng_uint32(void);

/* NOTE(review): presumably returns a value below the given bound -- confirm. */
uint32_t uniform_random(uint32_t);
105 | | |
/*
 * PC/SC harness configuration. set_pcsc_io_functions() takes three function
 * pointers: a read-shaped callback, a write-shaped callback, and a
 * void (const void *, size_t) callback whose type matches consume().
 * NOTE(review): whether NULL callbacks are tolerated, and how the blob given
 * to set_pcsc_parameters() is interpreted, is not visible here -- confirm.
 */
void set_pcsc_parameters(const struct blob *);
void set_pcsc_io_functions(int (*)(void *, u_char *, size_t, int),
    int (*)(void *, const u_char *, size_t), void (*)(const void *, size_t));
109 | | |
110 | | #endif /* !_MUTATOR_AUX_H */ |