forked from google/OpenSK
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5d73444
commit 69a440f
Showing
3 changed files
with
103 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
|
||
[package] | ||
name = "ctap2-fuzz" | ||
version = "0.0.0" | ||
authors = ["Automatically generated"] | ||
publish = false | ||
edition = "2018" | ||
|
||
[package.metadata] | ||
cargo-fuzz = true | ||
|
||
[dependencies] | ||
libfuzzer-sys = { version = "0.3"} | ||
arrayref = "0.3.6" | ||
libtock_drivers = { path = "../third_party/libtock-drivers" } | ||
crypto = { path = "../libraries/crypto", features = ['std'] } | ||
cbor = { path = "../libraries/cbor"} | ||
|
||
[dependencies.ctap2] | ||
path = ".." | ||
features = ['std', 'ram_storage', 'fuzzing'] | ||
|
||
# Prevent this from interfering with workspaces | ||
[workspace] | ||
members = ["."] | ||
|
||
[[bin]] | ||
name = "fuzz_target_split_assemble" | ||
path = "fuzz_targets/fuzz_target_split_assemble.rs" | ||
test = false | ||
doc = false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
#![no_main] | ||
|
||
extern crate ctap2; | ||
extern crate libtock_drivers; | ||
#[macro_use] | ||
extern crate arrayref; | ||
|
||
use libfuzzer_sys::fuzz_target; | ||
use ctap2::ctap::hid::receive::MessageAssembler; | ||
use ctap2::ctap::hid::send::HidPacketIterator; | ||
use ctap2::ctap::hid::{Message, HidPacket}; | ||
use libtock_drivers::timer::Timestamp; | ||
|
||
const DUMMY_TIMESTAMP: Timestamp<isize> = Timestamp::from_ms(0); | ||
const PACKET_TYPE_MASK: u8 = 0x80; | ||
|
||
// Converts a byte slice into Message | ||
fn raw_to_message(data: &[u8], len: usize) -> Message{ | ||
if len <= 4 { | ||
let mut cid = [0;4]; | ||
cid[..len].copy_from_slice(data); | ||
Message{ | ||
cid, | ||
cmd: 0, | ||
payload: vec![], | ||
} | ||
} | ||
else if len == 5{ | ||
Message{ | ||
cid: array_ref!(data,0,4).clone(), | ||
cmd: data[4], | ||
payload: vec![], | ||
} | ||
} | ||
else{ | ||
Message { | ||
cid: array_ref!(data,0,4).clone(), | ||
cmd: data[4], | ||
payload: data[5..].to_vec(), | ||
} | ||
} | ||
} | ||
|
||
/* Fuzzing HID packets splitting and assembling functions*/ | ||
fuzz_target!(|data: &[u8]| { | ||
let Message{cid, mut cmd, payload} = raw_to_message(data, data.len()); | ||
if let Some(hid_packet_iterator) = HidPacketIterator::new(Message{cid,cmd,payload:payload.clone()}){ | ||
let packets: Vec<HidPacket> = hid_packet_iterator.collect(); | ||
let mut assembler = MessageAssembler::new(); | ||
for (i, packet) in packets.iter().enumerate(){ | ||
if i != packets.len() - 1 { | ||
assert_eq!( | ||
assembler.parse_packet(packet, DUMMY_TIMESTAMP), | ||
Ok(None) | ||
); | ||
} | ||
else{ | ||
cmd = cmd & !PACKET_TYPE_MASK; | ||
assert_eq!( | ||
assembler.parse_packet(packet, DUMMY_TIMESTAMP), | ||
Ok(Some(Message{cid,cmd,payload:payload.clone()})) | ||
); | ||
} | ||
} | ||
} | ||
}); |