diff options
Diffstat (limited to 'src/fuzzing')
-rw-r--r-- | src/fuzzing/CMakeLists.txt | 145 | ||||
-rw-r--r-- | src/fuzzing/dump.c | 54 | ||||
-rw-r--r-- | src/fuzzing/keyimport.c | 97 | ||||
-rw-r--r-- | src/fuzzing/keyring.c | 52 | ||||
-rw-r--r-- | src/fuzzing/keyring_g10.cpp | 51 | ||||
-rw-r--r-- | src/fuzzing/keyring_kbx.c | 50 | ||||
-rw-r--r-- | src/fuzzing/sigimport.c | 51 | ||||
-rw-r--r-- | src/fuzzing/verify.c | 58 | ||||
-rw-r--r-- | src/fuzzing/verify_detached.c | 59 |
9 files changed, 617 insertions, 0 deletions
diff --git a/src/fuzzing/CMakeLists.txt b/src/fuzzing/CMakeLists.txt new file mode 100644 index 0000000..c177035 --- /dev/null +++ b/src/fuzzing/CMakeLists.txt @@ -0,0 +1,145 @@ +# Copyright (c) 2020 Ribose Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + + +if(NOT DEFINED ENV{LIB_FUZZING_ENGINE}) + add_compile_options(-fsanitize=fuzzer-no-link) + add_link_options(-fsanitize=fuzzer) +else() + # This section is used by OSS-Fuzz + add_link_options($ENV{LIB_FUZZING_ENGINE}) + if($ENV{FUZZING_ENGINE} STREQUAL "afl") + link_libraries(-stdlib=libc++) + endif() +endif() + +add_executable(fuzz_dump dump.c) + +target_include_directories(fuzz_dump + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_dump + PRIVATE + librnp +) + +add_executable(fuzz_keyring keyring.c) + +target_include_directories(fuzz_keyring + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_keyring + PRIVATE + librnp +) + +add_executable(fuzz_keyimport keyimport.c) + +target_include_directories(fuzz_keyimport + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_keyimport + PRIVATE + librnp +) + +add_executable(fuzz_sigimport sigimport.c) + +target_include_directories(fuzz_sigimport + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_sigimport + PRIVATE + librnp +) + +add_executable(fuzz_verify verify.c) + +target_include_directories(fuzz_verify + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_verify + PRIVATE + librnp +) + +add_executable(fuzz_verify_detached verify_detached.c) + +target_include_directories(fuzz_verify_detached + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_verify_detached + PRIVATE + librnp +) + +add_executable(fuzz_keyring_kbx keyring_kbx.c) + +target_include_directories(fuzz_keyring_kbx + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_keyring_kbx + PRIVATE + librnp +) + +add_executable(fuzz_keyring_g10 keyring_g10.cpp) + +target_include_directories(fuzz_keyring_g10 + PRIVATE + "${PROJECT_SOURCE_DIR}/src" + "${PROJECT_SOURCE_DIR}/src/lib" +) + +target_link_libraries(fuzz_keyring_g10 + PRIVATE + librnp-static +) + +if (ENABLE_SANITIZERS) + foreach(tgt fuzz_dump fuzz_keyring fuzz_keyimport fuzz_sigimport fuzz_verify fuzz_verify_detached fuzz_keyring_kbx fuzz_keyring_g10) + set_target_properties(${tgt} PROPERTIES LINKER_LANGUAGE CXX) + endforeach() +endif() diff --git a/src/fuzzing/dump.c b/src/fuzzing/dump.c new file mode 100644 index 0000000..026bfc2 --- /dev/null +++ b/src/fuzzing/dump.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> + +#ifdef RNP_RUN_TESTS +int dump_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +dump_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_input_t input = NULL; + (void) rnp_input_from_memory(&input, data, size, false); + rnp_output_t output = NULL; + (void) rnp_output_to_null(&output); + + (void) rnp_dump_packets_to_output(input, output, RNP_DUMP_RAW); + rnp_output_destroy(output); + rnp_input_destroy(input); + + (void) rnp_input_from_memory(&input, data, size, false); + char *json = NULL; + (void) rnp_dump_packets_to_json(input, RNP_DUMP_RAW, &json); + rnp_buffer_destroy(json); + rnp_input_destroy(input); + + return 0; +} diff --git a/src/fuzzing/keyimport.c b/src/fuzzing/keyimport.c new file mode 100644 index 0000000..16e1272 --- /dev/null +++ b/src/fuzzing/keyimport.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> +#include <rnp/rnp_err.h> + +#ifdef RNP_RUN_TESTS +int keyimport_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +keyimport_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_input_t input = NULL; + rnp_result_t ret = 0; + rnp_ffi_t ffi = NULL; + + /* try non-permissive import */ + ret = rnp_input_from_memory(&input, data, size, false); + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + char *results = NULL; + ret = rnp_import_keys( + ffi, input, RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS, &results); + rnp_buffer_destroy(results); + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + + /* try permissive import */ + ret = rnp_input_from_memory(&input, data, size, false); + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + results = NULL; + ret = rnp_import_keys(ffi, + input, + RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS | + RNP_LOAD_SAVE_PERMISSIVE, + &results); + rnp_buffer_destroy(results); + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + + /* try non-permissive iterative import */ + ret = rnp_input_from_memory(&input, data, size, false); + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + do { + results = NULL; + ret = rnp_import_keys(ffi, + input, + RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS | + RNP_LOAD_SAVE_SINGLE, + &results); + rnp_buffer_destroy(results); + } while (!ret); + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + + /* try permissive iterative import */ + ret = rnp_input_from_memory(&input, data, size, false); + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + do { + results = NULL; + ret = rnp_import_keys(ffi, + input, + RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS | + RNP_LOAD_SAVE_PERMISSIVE | RNP_LOAD_SAVE_SINGLE, + &results); + rnp_buffer_destroy(results); + } while (!ret); + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + + return 0; +} diff --git a/src/fuzzing/keyring.c b/src/fuzzing/keyring.c new file mode 100644 index 0000000..bac4e13 --- /dev/null +++ b/src/fuzzing/keyring.c @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> + +#ifdef RNP_RUN_TESTS +int keyring_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +keyring_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_input_t input = NULL; + rnp_result_t ret = 0; + rnp_ffi_t ffi = NULL; + + ret = rnp_input_from_memory(&input, data, size, false); + + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + ret = + rnp_load_keys(ffi, "GPG", input, RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS); + + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + + return 0; +} diff --git a/src/fuzzing/keyring_g10.cpp b/src/fuzzing/keyring_g10.cpp new file mode 100644 index 0000000..f2495a5 --- /dev/null +++ b/src/fuzzing/keyring_g10.cpp @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> +#include "../lib/pgp-key.h" +#include "../librekey/key_store_g10.h" +#include "../librepgp/stream-common.h" +#include "../lib/sec_profile.hpp" + +#ifdef RNP_RUN_TESTS +int keyring_g10_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +keyring_g10_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +extern "C" RNP_API int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp::SecurityContext ctx; + rnp_key_store_t ks(ctx); + pgp_source_t memsrc = {}; + + init_mem_src(&memsrc, data, size, false); + rnp_key_store_g10_from_src(&ks, &memsrc, NULL); + src_close(&memsrc); + + return 0; +} diff --git a/src/fuzzing/keyring_kbx.c b/src/fuzzing/keyring_kbx.c new file mode 100644 index 0000000..768e669 --- /dev/null +++ b/src/fuzzing/keyring_kbx.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> + +#ifdef RNP_RUN_TESTS +int keyring_kbx_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +keyring_kbx_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_input_t input = NULL; + rnp_result_t ret = 0; + rnp_ffi_t ffi = NULL; + + ret = rnp_input_from_memory(&input, data, size, false); + + ret = rnp_ffi_create(&ffi, "KBX", "G10"); + ret = rnp_load_keys(ffi, "KBX", input, RNP_LOAD_SAVE_PUBLIC_KEYS); + + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + return 0; +} diff --git a/src/fuzzing/sigimport.c b/src/fuzzing/sigimport.c new file mode 100644 index 0000000..35adeb7 --- /dev/null +++ b/src/fuzzing/sigimport.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> + +#ifdef RNP_RUN_TESTS +int sigimport_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +sigimport_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_input_t input = NULL; + rnp_result_t ret = 0; + rnp_ffi_t ffi = NULL; + + ret = rnp_input_from_memory(&input, data, size, false); + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + char *results = NULL; + ret = rnp_import_signatures(ffi, input, 0, &results); + rnp_buffer_destroy(results); + rnp_input_destroy(input); + rnp_ffi_destroy(ffi); + + return 0; +} diff --git a/src/fuzzing/verify.c b/src/fuzzing/verify.c new file mode 100644 index 0000000..cd6c849 --- /dev/null +++ b/src/fuzzing/verify.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> +#include "stdio.h" + +#ifdef RNP_RUN_TESTS +int verify_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +verify_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_ffi_t ffi = NULL; + rnp_input_t input = NULL; + rnp_output_t output = NULL; + rnp_result_t ret; + + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + ret = rnp_input_from_memory(&input, data, size, false); + ret = rnp_output_to_null(&output); + + rnp_op_verify_t op = NULL; + ret = rnp_op_verify_create(&op, ffi, input, output); + ret = rnp_op_verify_execute(op); + ret = rnp_op_verify_destroy(op); + + rnp_input_destroy(input); + rnp_output_destroy(output); + rnp_ffi_destroy(ffi); + + return 0; +} diff --git a/src/fuzzing/verify_detached.c b/src/fuzzing/verify_detached.c new file mode 100644 index 0000000..2afb59a --- /dev/null +++ b/src/fuzzing/verify_detached.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2020, [Ribose Inc](https://www.ribose.com). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <rnp/rnp.h> +#include "string.h" + +#ifdef RNP_RUN_TESTS +int verify_detached_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int +verify_detached_LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#else +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +#endif +{ + rnp_ffi_t ffi = NULL; + rnp_input_t input = NULL; + rnp_input_t msg_input = NULL; + rnp_result_t ret; + + ret = rnp_ffi_create(&ffi, "GPG", "GPG"); + ret = rnp_input_from_memory(&input, data, size, false); + const char *msg = "message"; + ret = rnp_input_from_memory(&msg_input, (const uint8_t *) msg, strlen(msg), true); + + rnp_op_verify_t verify = NULL; + ret = rnp_op_verify_detached_create(&verify, ffi, msg_input, input); + ret = rnp_op_verify_execute(verify); + ret = rnp_op_verify_destroy(verify); + + rnp_input_destroy(input); + rnp_input_destroy(msg_input); + rnp_ffi_destroy(ffi); + + return 0; +} |