Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/contrib/libfido2/fuzz/mutator_aux.h
39586 views
1
/*

2
 * Copyright (c) 2019-2022 Yubico AB. All rights reserved.

3
 * Use of this source code is governed by a BSD-style

4
 * license that can be found in the LICENSE file.

5
 * SPDX-License-Identifier: BSD-2-Clause

6
 */

7


8
#ifndef _MUTATOR_AUX_H

9
#define _MUTATOR_AUX_H

10


11
#include <sys/types.h>

12


13
#include <stddef.h>

14
#include <stdint.h>

15
#include <cbor.h>

16


17
#include "../src/fido.h"

18
#include "../src/fido/bio.h"

19
#include "../src/fido/config.h"

20
#include "../src/fido/credman.h"

21
#include "../src/fido/eddsa.h"

22
#include "../src/fido/es256.h"

23
#include "../src/fido/es384.h"

24
#include "../src/fido/rs256.h"

25
#include "../src/netlink.h"

26


27
/*

28
 * As of LLVM 10.0.0, MSAN support in libFuzzer was still experimental.

29
 * We therefore have to be careful when using our custom mutator, or

30
 * MSAN will flag uninitialised reads on memory populated by libFuzzer.

31
 * Since there is no way to suppress MSAN without regenerating object

32
 * code (in which case you might as well rebuild libFuzzer with MSAN),

33
 * we adjust our mutator to make it less accurate while allowing

34
 * fuzzing to proceed.

35
 */

36


37
#if defined(__has_feature)

38
# if  __has_feature(memory_sanitizer)

39
#  include <sanitizer/msan_interface.h>

40
#  define NO_MSAN	__attribute__((no_sanitize("memory")))

41
#  define WITH_MSAN	1

42
# endif

43
#endif

44


45
#if !defined(WITH_MSAN)

46
# define NO_MSAN

47
#endif

48


49
#define MUTATE_SEED	0x01

50
#define MUTATE_PARAM	0x02

51
#define MUTATE_WIREDATA	0x04

52
#define MUTATE_ALL	(MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA)

53


54
#define MAXSTR		1024

55
#define MAXBLOB		3600

56
#define MAXCORPUS	8192

57


58
#define HID_DEV_HANDLE	0x68696421

59
#define NFC_DEV_HANDLE	0x6e666321

60


61
struct blob {

62
	uint8_t body[MAXBLOB];

63
	size_t len;

64
};

65


66
struct param;

67


68
struct param *unpack(const uint8_t *, size_t);

69
size_t pack(uint8_t *, size_t, const struct param *);

70
size_t pack_dummy(uint8_t *, size_t);

71
void mutate(struct param *, unsigned int, unsigned int);

72
void test(const struct param *);

73


74
void consume(const void *, size_t);

75
void consume_str(const char *);

76


77
int unpack_blob(cbor_item_t *, struct blob *);

78
int unpack_byte(cbor_item_t *, uint8_t *);

79
int unpack_int(cbor_item_t *, int *);

80
int unpack_string(cbor_item_t *, char *);

81


82
cbor_item_t *pack_blob(const struct blob *);

83
cbor_item_t *pack_byte(uint8_t);

84
cbor_item_t *pack_int(int);

85
cbor_item_t *pack_string(const char *);

86


87
void mutate_byte(uint8_t *);

88
void mutate_int(int *);

89
void mutate_blob(struct blob *);

90
void mutate_string(char *);

91


92
ssize_t fd_read(int, void *, size_t);

93
ssize_t fd_write(int, const void *, size_t);

94


95
int nfc_read(void *, unsigned char *, size_t, int);

96
int nfc_write(void *, const unsigned char *, size_t);

97


98
fido_dev_t *open_dev(int);

99
void set_wire_data(const uint8_t *, size_t);

100


101
void fuzz_clock_reset(void);

102
void prng_init(unsigned long);

103
unsigned long prng_uint32(void);

104


105
uint32_t uniform_random(uint32_t);

106


107
void set_pcsc_parameters(const struct blob *);

108
void set_pcsc_io_functions(int (*)(void *, u_char *, size_t, int),

109
    int (*)(void *, const u_char *, size_t), void (*)(const void *, size_t));

110


111
#endif /* !_MUTATOR_AUX_H */

112


113