From af23f3a84954d066b6c2c521c5ba1c5e7e7efcf2 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 4 Apr 2020 20:07:38 +0300
Subject: [PATCH] tests: New style fuzzing tool for DPP URI parsing

Signed-off-by: Jouni Malinen
---
tests/fuzzing/dpp-uri/Makefile | 33 +++++++++++++++++++
tests/fuzzing/dpp-uri/corpus/1.dat | 1 +
tests/fuzzing/dpp-uri/corpus/2.dat | 1 +
tests/fuzzing/dpp-uri/corpus/3.dat | 1 +
tests/fuzzing/dpp-uri/dpp-uri.c | 51 ++++++++++++++++++++++++++++++
5 files changed, 87 insertions(+)
create mode 100644 tests/fuzzing/dpp-uri/Makefile
create mode 100644 tests/fuzzing/dpp-uri/corpus/1.dat
create mode 100644 tests/fuzzing/dpp-uri/corpus/2.dat
create mode 100644 tests/fuzzing/dpp-uri/corpus/3.dat
create mode 100644 tests/fuzzing/dpp-uri/dpp-uri.c

diff --git a/tests/fuzzing/dpp-uri/Makefile b/tests/fuzzing/dpp-uri/Makefile
new file mode 100644
index 000000000..27b2fddb3
--- /dev/null
+++ b/tests/fuzzing/dpp-uri/Makefile
@@ -0,0 +1,33 @@
+all: dpp-uri
+include ../rules.include
+
+CFLAGS += -DCONFIG_DPP
+CFLAGS += -DCONFIG_DPP2
+CFLAGS += -DCONFIG_SHA256
+CFLAGS += -DCONFIG_SHA384
+CFLAGS += -DCONFIG_SHA512
+CFLAGS += -DCONFIG_ECC
+CFLAGS += -DCONFIG_OPENSSL_CMAC
+
+LIBS += $(SRC)/common/libcommon.a
+LIBS += $(SRC)/utils/libutils.a
+
+OBJS += $(SRC)/crypto/crypto_openssl.o
+LIBS += -lcrypto
+
+OBJS += $(SRC)/crypto/aes-ctr.o
+OBJS += $(SRC)/crypto/aes-siv.o
+OBJS += $(SRC)/crypto/sha256-kdf.o
+OBJS += $(SRC)/crypto/sha384-kdf.o
+OBJS += $(SRC)/crypto/sha512-kdf.o
+OBJS += $(SRC)/tls/asn1.o
+OBJS += $(SRC)/common/dpp.o
+
+dpp-uri: dpp-uri.o $(OBJS) $(LIBS)
+ $(LDO) $(LDFLAGS) -o $@ $^ $(LIBS)
+
+clean:
+ $(MAKE) -C $(SRC) clean
+ rm -f dpp-uri *~ *.o *.d ../*~ ../*.o ../*.d
+
+-include $(OBJS:%.o=%.d)
diff --git a/tests/fuzzing/dpp-uri/corpus/1.dat b/tests/fuzzing/dpp-uri/corpus/1.dat
new file mode 100644
index 000000000..b2387e09a
--- /dev/null
+++ b/tests/fuzzing/dpp-uri/corpus/1.dat
@@ -0,0 +1 @@
+DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;
\ No newline at end of file
diff --git a/tests/fuzzing/dpp-uri/corpus/2.dat b/tests/fuzzing/dpp-uri/corpus/2.dat
new file mode 100644
index 000000000..ee2ff90dd
--- /dev/null
+++ b/tests/fuzzing/dpp-uri/corpus/2.dat
@@ -0,0 +1 @@
+DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;
\ No newline at end of file
diff --git a/tests/fuzzing/dpp-uri/corpus/3.dat b/tests/fuzzing/dpp-uri/corpus/3.dat
new file mode 100644
index 000000000..ce7ad16f3
--- /dev/null
+++ b/tests/fuzzing/dpp-uri/corpus/3.dat
@@ -0,0 +1 @@
+DPP:I:SN=4774LH2b4044;M:010203040506;C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;
\ No newline at end of file
diff --git a/tests/fuzzing/dpp-uri/dpp-uri.c b/tests/fuzzing/dpp-uri/dpp-uri.c
new file mode 100644
index 000000000..77db5b8bb
--- /dev/null
+++ b/tests/fuzzing/dpp-uri/dpp-uri.c
@@ -0,0 +1,51 @@
+/*
+ * DPP URI fuzzer
+ * Copyright (c) 2020, Jouni Malinen
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "common/dpp.h"
+#include "../fuzzer-common.h"
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct dpp_global *dpp;
+ struct dpp_global_config config;
+ struct dpp_bootstrap_info *bi;
+ char *uri;
+ char buf[1000];
+ int ret = -1;
+
+ wpa_fuzzer_set_debug_level();
+
+ if (os_program_init())
+ return 0;
+
+ uri = os_malloc(size + 1);
+ if (!uri)
+ goto out;
+ os_memcpy(uri, data, size);
+ uri[size] = '\0';
+ os_memset(&config, 0, sizeof(config));
+ dpp = dpp_global_init(&config);
+ if (!dpp)
+ goto out;
+
+ bi = dpp_add_qr_code(dpp, uri);
+ if (bi && dpp_bootstrap_info(dpp, bi->id, buf, sizeof(buf)) > 0)
+ wpa_printf(MSG_DEBUG, "DPP: %s", buf);
+ dpp_global_deinit(dpp);
+
+ ret = 0;
+out:
+ os_free(uri);
+ os_program_deinit();
+
+ return ret;
+}
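Review bot: The two `goto out` failure paths in LLVMFuzzerTestOneInput (after os_malloc() and after dpp_global_init()) return -1 because `ret` is initialised to -1, yet libFuzzer documents 0 as the normal return value and newer releases interpret -1 as "do not add this input to the corpus". A harness-side allocation or init failure says nothing about the input itself, so I would initialise `int ret = 0;` and drop the later `ret = 0;` assignment. It is also worth a short comment above the copy, e.g. `/* dpp_add_qr_code() is given a NUL-terminated string, so bytes after the first 0x00 in data are not parsed */`, since the parser appears to take no length and embedded NULs silently truncate what the fuzzer exercises.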