Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/fuzzing/fuzz_des.c
34889 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/* tests/fuzzing/fuzz_des.c - fuzzing harness for DES functions */

3
/*

4
 * Copyright (C) 2024 by Arjun. All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * * Redistributions of source code must retain the above copyright

11
 *   notice, this list of conditions and the following disclaimer.

12
 *

13
 * * Redistributions in binary form must reproduce the above copyright

14
 *   notice, this list of conditions and the following disclaimer in

15
 *   the documentation and/or other materials provided with the

16
 *   distribution.

17
 *

18
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

19
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

20
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

21
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

22
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

23
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

24
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

25
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

27
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

28
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

29
 * OF THE POSSIBILITY OF SUCH DAMAGE.

30
 */

31


32
#include "autoconf.h"

33
#include <k5-int.h>

34
#include <des_int.h>

35


36
#include <f_cbc.c>

37


38
#define kMinInputLength 32

39
#define kMaxInputLength 128

40


41
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

42


43
uint8_t default_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };

44


45
static void

46
fuzz_des(uint8_t *input, mit_des_key_schedule sched)

47
{

48
    uint8_t encrypt[8], decrypt[8];

49


50
    mit_des_cbc_encrypt((const mit_des_cblock *)input,

51
                        (mit_des_cblock *)encrypt, 8,

52
                        sched, default_ivec, MIT_DES_ENCRYPT);

53


54
    mit_des_cbc_encrypt((const mit_des_cblock *)encrypt,

55
                        (mit_des_cblock *)decrypt, 8,

56
                        sched, default_ivec, MIT_DES_DECRYPT);

57


58
    if (memcmp(input, decrypt, 8) != 0)

59
        abort();

60
}

61


62
static void

63
fuzz_decrypt(uint8_t *input, mit_des_key_schedule sched)

64
{

65
    uint8_t output[8];

66


67
    mit_des_cbc_encrypt((const mit_des_cblock *)input,

68
                        (mit_des_cblock *)output, 8,

69
                        sched, default_ivec, MIT_DES_DECRYPT);

70
}

71


72
static void

73
fuzz_cksum(uint8_t *input, mit_des_key_schedule sched)

74
{

75
    uint8_t output[8];

76


77
    mit_des_cbc_cksum(input, output, 8, sched, default_ivec);

78
}

79


80
int

81
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)

82
{

83
    krb5_error_code ret;

84
    mit_des_key_schedule sched;

85
    uint8_t *data_in, input[8];

86


87
    if (size < kMinInputLength || size > kMaxInputLength)

88
        return 0;

89


90
    memcpy(input, data, 8);

91
    ret = mit_des_key_sched(input, sched);

92
    if (ret)

93
        return 0;

94


95
    memcpy(input, data + 8, 8);

96
    fuzz_des(input, sched);

97


98
    memcpy(input, data + 16, 8);

99
    fuzz_decrypt(input, sched);

100


101
    data_in = k5memdup(data + 24, size - 24, &ret);

102
    if (ret)

103
        return 0;

104


105
    fuzz_cksum(data_in, sched);

106
    free(data_in);

107


108
    return 0;

109
}

110


111