Added first fuzzing target

Cargo.toml

@@ -12,22 +12,24 @@ edition = "2018"
 [dependencies]
 libtock_core = { path = "third_party/libtock-rs/core" }
 libtock_drivers = { path = "third_party/libtock-drivers" }
-lang_items = { path = "third_party/lang-items" }
+#lang_items = { path = "third_party/lang-items" }
 cbor = { path = "libraries/cbor" }
 crypto = { path = "libraries/crypto" }
 byteorder = { version = "1", default-features = false }
 arrayref = "0.3.6"
 subtle = { version = "2.2", default-features = false, features = ["nightly"] }
 
 [features]
-debug_allocations = ["lang_items/debug_allocations"]
+#debug_allocations = ["lang_items/debug_allocations"]
 debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"]
-panic_console = ["lang_items/panic_console"]
-std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std"]
+#panic_console = ["lang_items/panic_console"]
+std = ["cbor/std", "crypto/std", "crypto/derive_debug"]
+#, "lang_items/std"]
 ram_storage = []
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
 with_ctap2_1 = []
+fuzzing = []
 
 [dev-dependencies]
 elf2tab = "0.6.0"

fuzz/Cargo.toml

@@ -0,0 +1,31 @@
+
+[package]
+name = "ctap2-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = { version = "0.3"}
+arrayref = "0.3.6"
+libtock_drivers = { path = "../third_party/libtock-drivers" }
+crypto = { path = "../libraries/crypto", features = ['std'] }
+cbor = { path = "../libraries/cbor"}
+
+[dependencies.ctap2]
+path = ".."
+features = ['std', 'ram_storage', 'fuzzing']
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_target_split_assemble"
+path = "fuzz_targets/fuzz_target_split_assemble.rs"
+test = false
+doc = false

fuzz/fuzz_targets/fuzz_target_split_assemble.rs

@@ -0,0 +1,66 @@
+#![no_main]
+
+extern crate ctap2;
+extern crate libtock_drivers;
+#[macro_use]
+extern crate arrayref;
+
+use libfuzzer_sys::fuzz_target;
+use ctap2::ctap::hid::receive::MessageAssembler;
+use ctap2::ctap::hid::send::HidPacketIterator;
+use ctap2::ctap::hid::{Message, HidPacket};
+use libtock_drivers::timer::Timestamp;
+
+const DUMMY_TIMESTAMP: Timestamp<isize> = Timestamp::from_ms(0);
+const PACKET_TYPE_MASK: u8 = 0x80;
+
+// Converts a byte slice into Message
+fn raw_to_message(data: &[u8], len: usize) -> Message{
+ if len <= 4 {
+ let mut cid = [0;4];
+ cid[..len].copy_from_slice(data);
+ Message{
+ cid,
+ cmd: 0,
+ payload: vec![],
+ }
+ }
+ else if len == 5{
+ Message{
+ cid: array_ref!(data,0,4).clone(),
+ cmd: data[4],
+ payload: vec![],
+ }
+ }
+ else{
+ Message {
+ cid: array_ref!(data,0,4).clone(),
+ cmd: data[4],
+ payload: data[5..].to_vec(),
+ }
+ }
+}
+
+/* Fuzzing HID packets splitting and assembling functions*/
+fuzz_target!(|data: &[u8]| {
+ let Message{cid, mut cmd, payload} = raw_to_message(data, data.len());
+ if let Some(hid_packet_iterator) = HidPacketIterator::new(Message{cid,cmd,payload:payload.clone()}){
+ let packets: Vec<HidPacket> = hid_packet_iterator.collect();
+ let mut assembler = MessageAssembler::new();
+ for (i, packet) in packets.iter().enumerate(){
+ if i != packets.len() - 1 {
+ assert_eq!(
+ assembler.parse_packet(packet, DUMMY_TIMESTAMP),
+ Ok(None)
+ );
+ }
+ else{
+ cmd = cmd & !PACKET_TYPE_MASK;
+ assert_eq!(
+ assembler.parse_packet(packet, DUMMY_TIMESTAMP),
+ Ok(Some(Message{cid,cmd,payload:payload.clone()}))
+ );
+ }
+ }
+ }
+});