From 5d734445ea91e0fca7ce1f7668ffb01fbacc3c99 Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Mon, 14 Sep 2020 15:30:30 +0000 Subject: [PATCH 01/11] Modified dependencies for fuzzing to work --- src/ctap/hid/mod.rs | 1 - src/ctap/storage.rs | 1 - src/lib.rs | 4 ++++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs index 115bc3a3..addc09cd 100644 --- a/src/ctap/hid/mod.rs +++ b/src/ctap/hid/mod.rs @@ -163,7 +163,6 @@ impl CtapHid { Ok(Some(message)) => { #[cfg(feature = "debug_ctap")] writeln!(&mut Console::new(), "Received message: {:02x?}", message).unwrap(); - let cid = message.cid; if !self.has_valid_channel(&message) { #[cfg(feature = "debug_ctap")] diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index de5eb038..a4dcaf26 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - #[cfg(feature = "with_ctap2_1")] use crate::ctap::data_formats::{extract_array, extract_text_string}; use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialSource}; diff --git a/src/lib.rs b/src/lib.rs index 0df6552d..fe7bd4c2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -23,6 +23,10 @@ extern crate cbor; extern crate lang_items; extern crate libtock_core; extern crate libtock_drivers; +#[macro_use] +extern crate cbor; +#[macro_use] +extern crate arrayref; pub mod ctap; pub mod embedded_flash; From 69a440fddbdf8a4ed0eb3552d41cf7fafd3623c4 Mon Sep 17 00:00:00 2001 
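Review bot: `extern crate cbor;` ends up declared twice in src/lib.rs after the last hunk on this line — the hunk header shows the existing declaration directly above the added `#[macro_use] extern crate cbor;` — so the crate root fails with a duplicate-name error in this commit on its own; patch 04 later in the series removes the added lines again. If the macro import is genuinely needed, it belongs on the existing line, `#[macro_use] extern crate cbor;`, not on a second declaration. The src/ctap/hid/mod.rs hunk on this line drops `let cid = message.cid;`, which patch 03 restores, so that commit presumably does not build either; squashing these interim edits into the commits that fix them would keep every commit in the series buildable and bisectable.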
From: mingxguo27 Date: Mon, 14 Sep 2020 15:33:46 +0000 Subject: [PATCH 02/11] Added first fuzzing target --- Cargo.toml | 10 +-- fuzz/Cargo.toml | 31 +++++++++ .../fuzz_target_split_assemble.rs | 66 +++++++++++++++++++ 3 files changed, 103 insertions(+), 4 deletions(-) create mode 100644 fuzz/Cargo.toml create mode 100644 fuzz/fuzz_targets/fuzz_target_split_assemble.rs diff --git a/Cargo.toml b/Cargo.toml index a11d0f76..421dcb68 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,7 +12,7 @@ edition = "2018" [dependencies] libtock_core = { path = "third_party/libtock-rs/core" } libtock_drivers = { path = "third_party/libtock-drivers" } -lang_items = { path = "third_party/lang-items" } +#lang_items = { path = "third_party/lang-items" } cbor = { path = "libraries/cbor" } crypto = { path = "libraries/crypto" } byteorder = { version = "1", default-features = false } @@ -20,14 +20,16 @@ arrayref = "0.3.6" subtle = { version = "2.2", default-features = false, features = ["nightly"] } [features] -debug_allocations = ["lang_items/debug_allocations"] +#debug_allocations = ["lang_items/debug_allocations"] debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"] -panic_console = ["lang_items/panic_console"] -std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std"] +#panic_console = ["lang_items/panic_console"] +std = ["cbor/std", "crypto/std", "crypto/derive_debug"] +#, "lang_items/std"] ram_storage = [] verbose = ["debug_ctap", "libtock_drivers/verbose_usb"] with_ctap1 = ["crypto/with_ctap1"] with_ctap2_1 = [] +fuzzing = [] [dev-dependencies] elf2tab = "0.6.0" diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml new file mode 100644 index 00000000..ff092d55 --- /dev/null +++ b/fuzz/Cargo.toml 
@@ -0,0 +1,31 @@ + +[package] +name = "ctap2-fuzz" +version = "0.0.0" +authors = ["Automatically generated"] +publish = false +edition = "2018" + +[package.metadata] +cargo-fuzz = true + +[dependencies] +libfuzzer-sys = { version = "0.3"} +arrayref = "0.3.6" +libtock_drivers = { path = "../third_party/libtock-drivers" } +crypto = { path = "../libraries/crypto", features = ['std'] } +cbor = { path = "../libraries/cbor"} + +[dependencies.ctap2] +path = ".." +features = ['std', 'ram_storage', 'fuzzing'] + +# Prevent this from interfering with workspaces +[workspace] +members = ["."] + +[[bin]] +name = "fuzz_target_split_assemble" +path = "fuzz_targets/fuzz_target_split_assemble.rs" +test = false +doc = false diff --git a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs new file mode 100644 index 00000000..2c06ca0f --- /dev/null +++ b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs 
@@ -0,0 +1,66 @@ +#![no_main] + +extern crate ctap2; +extern crate libtock_drivers; +#[macro_use] +extern crate arrayref; + +use libfuzzer_sys::fuzz_target; +use ctap2::ctap::hid::receive::MessageAssembler; +use ctap2::ctap::hid::send::HidPacketIterator; +use ctap2::ctap::hid::{Message, HidPacket}; +use libtock_drivers::timer::Timestamp; + +const DUMMY_TIMESTAMP: Timestamp = Timestamp::from_ms(0); +const PACKET_TYPE_MASK: u8 = 0x80; + +// Converts a byte slice into Message +fn raw_to_message(data: &[u8], len: usize) -> Message{ + if len <= 4 { + let mut cid = [0;4]; + cid[..len].copy_from_slice(data); + Message{ + cid, + cmd: 0, + payload: vec![], + } + } + else if len == 5{ + Message{ + cid: array_ref!(data,0,4).clone(), + cmd: data[4], + payload: vec![], + } + } + else{ + Message { + cid: array_ref!(data,0,4).clone(), + cmd: data[4], + payload: data[5..].to_vec(), + } + } +} + +/* Fuzzing HID packets splitting and assembling functions*/ +fuzz_target!(|data: &[u8]| { + let Message{cid, mut cmd, payload} = raw_to_message(data, data.len()); + if let Some(hid_packet_iterator) = HidPacketIterator::new(Message{cid,cmd,payload:payload.clone()}){ + let packets: Vec = hid_packet_iterator.collect(); + let mut assembler = MessageAssembler::new(); + for (i, packet) in packets.iter().enumerate(){ + if i != packets.len() - 1 { + assert_eq!( + assembler.parse_packet(packet, DUMMY_TIMESTAMP), + Ok(None) + ); + } + else{ + cmd = cmd & !PACKET_TYPE_MASK; + assert_eq!( + assembler.parse_packet(packet, DUMMY_TIMESTAMP), + Ok(Some(Message{cid,cmd,payload:payload.clone()})) + ); + } + } + } +}); From 6edf67ee2c42cd34d029b1df0e017948a0fa833f Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Tue, 15 Sep 2020 11:11:47 +0000 Subject: [PATCH 03/11] Fixed dependency and linking errors --- Cargo.toml | 9 ++++----- src/ctap/hid/mod.rs | 1 + src/ctap/storage.rs | 3 +++ third_party/lang-items/Cargo.toml | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) 
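Review bot: Every packet is fed to `parse_packet` with the same `DUMMY_TIMESTAMP`, so whatever the assembler does with the timestamp (presumably a continuation-packet timeout) is never exercised and the harness only checks the in-order, same-instant happy path; taking one byte of the fuzz input as a per-packet time delta would let the fuzzer reach that branch and its error value as well. `array_ref!(data,0,4).clone()` clones a `[u8; 4]`, which is `Copy`, so `*array_ref!(data, 0, 4)` says the same thing without the clippy `clone_on_copy` warning — the reformatted version in patch 04 keeps the `.clone()`. The `/* Fuzzing HID packets splitting and assembling functions*/` comment could also state the oracle the asserts encode: splitting then reassembling must round-trip `cid` and `payload`, with the packet-type bit `PACKET_TYPE_MASK` cleared from `cmd`.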
diff --git a/Cargo.toml b/Cargo.toml index 421dcb68..5978c2ac 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,7 +12,7 @@ edition = "2018" [dependencies] libtock_core = { path = "third_party/libtock-rs/core" } libtock_drivers = { path = "third_party/libtock-drivers" } -#lang_items = { path = "third_party/lang-items" } +lang_items = { path = "third_party/lang-items" } cbor = { path = "libraries/cbor" } crypto = { path = "libraries/crypto" } byteorder = { version = "1", default-features = false } @@ -20,11 +20,10 @@ arrayref = "0.3.6" subtle = { version = "2.2", default-features = false, features = ["nightly"] } [features] -#debug_allocations = ["lang_items/debug_allocations"] +debug_allocations = ["lang_items/debug_allocations"] debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"] -#panic_console = ["lang_items/panic_console"] -std = ["cbor/std", "crypto/std", "crypto/derive_debug"] -#, "lang_items/std"] +panic_console = ["lang_items/panic_console"] +std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std"] ram_storage = [] verbose = ["debug_ctap", "libtock_drivers/verbose_usb"] with_ctap1 = ["crypto/with_ctap1"] diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs index addc09cd..115bc3a3 100644 --- a/src/ctap/hid/mod.rs +++ b/src/ctap/hid/mod.rs @@ -163,6 +163,7 @@ impl CtapHid { Ok(Some(message)) => { #[cfg(feature = "debug_ctap")] writeln!(&mut Console::new(), "Received message: {:02x?}", message).unwrap(); + let cid = message.cid; if !self.has_valid_channel(&message) { #[cfg(feature = "debug_ctap")] diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index a4dcaf26..f316a0fd 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs 
@@ -17,11 +17,14 @@ use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialS use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH; use crate::ctap::status_code::Ctap2StatusCode; use crate::ctap::{key_material, USE_BATCH_ATTESTATION}; +#[cfg(feature = "fuzzing")] use crate::embedded_flash::{self, StoreConfig, StoreEntry, StoreError}; use alloc::string::String; use alloc::vec::Vec; use core::convert::TryInto; use crypto::rng256::Rng256; +#[cfg(not(feature = "fuzzing"))] +use ctap2::embedded_flash::{self, StoreConfig, StoreEntry, StoreError}; #[cfg(any(test, feature = "ram_storage"))] type Storage = embedded_flash::BufferStorage; diff --git a/third_party/lang-items/Cargo.toml b/third_party/lang-items/Cargo.toml index 39ffbf03..eb1fa2e7 100644 --- a/third_party/lang-items/Cargo.toml +++ b/third_party/lang-items/Cargo.toml @@ -9,7 +9,7 @@ license = "MIT/Apache-2.0" edition = "2018" [dependencies] -libtock_core = { path = "../../third_party/libtock-rs/core", default-features = false, features = ["alloc_init", "custom_panic_handler", "custom_alloc_error_handler"] } +libtock_core = { path = "../../third_party/libtock-rs/core", default-features = false, features = ["custom_panic_handler", "custom_alloc_error_handler"] } libtock_drivers = { path = "../libtock-drivers" } linked_list_allocator = { version = "0.8.1", default-features = false } From 3a6a78bbf25b81f22fbe4830524ee6eeefaddb58 Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Wed, 16 Sep 2020 10:28:36 +0000 Subject: [PATCH 04/11] Resolved PR comments --- .github/workflows/cargo_fmt.yml | 8 ++- .../fuzz_target_split_assemble.rs | 61 +++++++++---------- src/lib.rs | 4 -- 3 files changed, 37 insertions(+), 36 deletions(-) diff --git a/.github/workflows/cargo_fmt.yml b/.github/workflows/cargo_fmt.yml index fa04d317..a3cbd701 100644 --- a/.github/workflows/cargo_fmt.yml +++ b/.github/workflows/cargo_fmt.yml 
@@ -38,12 +38,18 @@ jobs: command: fmt args: --all -- --check + - name: Cargo format fuzz/ + uses: actions-rs/cargo@v1 + with: + command: fmt + args: --manifest-path fuzz/Cargo.toml --all -- --check + - name: Cargo format libraries/cbor uses: actions-rs/cargo@v1 with: command: fmt args: --manifest-path libraries/cbor/Cargo.toml --all -- --check - + - name: Cargo format libraries/cbor/fuzz uses: actions-rs/cargo@v1 with: diff --git a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs index 2c06ca0f..02ec7f05 100644 --- a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs +++ b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs @@ -5,36 +5,28 @@ extern crate libtock_drivers; #[macro_use] extern crate arrayref; -use libfuzzer_sys::fuzz_target; use ctap2::ctap::hid::receive::MessageAssembler; use ctap2::ctap::hid::send::HidPacketIterator; -use ctap2::ctap::hid::{Message, HidPacket}; +use ctap2::ctap::hid::{HidPacket, Message}; +use libfuzzer_sys::fuzz_target; use libtock_drivers::timer::Timestamp; const DUMMY_TIMESTAMP: Timestamp = Timestamp::from_ms(0); const PACKET_TYPE_MASK: u8 = 0x80; // Converts a byte slice into Message -fn raw_to_message(data: &[u8], len: usize) -> Message{ +fn raw_to_message(data: &[u8], len: usize) -> Message { if len <= 4 { - let mut cid = [0;4]; + let mut cid = [0; 4]; cid[..len].copy_from_slice(data); - Message{ + Message { cid, cmd: 0, payload: vec![], } - } - else if len == 5{ - Message{ - cid: array_ref!(data,0,4).clone(), - cmd: data[4], - payload: vec![], - } - } - else{ + } else { Message { - cid: array_ref!(data,0,4).clone(), + cid: array_ref!(data, 0, 4).clone(), cmd: data[4], payload: data[5..].to_vec(), } 
@@ -43,24 +35,31 @@ fn raw_to_message(data: &[u8], len: usize) -> Message{ /* Fuzzing HID packets splitting and assembling functions*/ fuzz_target!(|data: &[u8]| { - let Message{cid, mut cmd, payload} = raw_to_message(data, data.len()); - if let Some(hid_packet_iterator) = HidPacketIterator::new(Message{cid,cmd,payload:payload.clone()}){ - let packets: Vec = hid_packet_iterator.collect(); + let Message { + cid, + mut cmd, + payload, + } = raw_to_message(data, data.len()); + if let Some(hid_packet_iterator) = HidPacketIterator::new(Message { + cid, + cmd, + payload: payload.clone(), + }) { let mut assembler = MessageAssembler::new(); - for (i, packet) in packets.iter().enumerate(){ - if i != packets.len() - 1 { - assert_eq!( - assembler.parse_packet(packet, DUMMY_TIMESTAMP), - Ok(None) - ); - } - else{ - cmd = cmd & !PACKET_TYPE_MASK; - assert_eq!( - assembler.parse_packet(packet, DUMMY_TIMESTAMP), - Ok(Some(Message{cid,cmd,payload:payload.clone()})) - ); + let packets: Vec = hid_packet_iterator.collect(); + if let Some((last_packet, first_packets)) = packets.split_last() { + for packet in first_packets { + assert_eq!(assembler.parse_packet(packet, DUMMY_TIMESTAMP), Ok(None)); } + cmd = cmd & !PACKET_TYPE_MASK; + assert_eq!( + assembler.parse_packet(last_packet, DUMMY_TIMESTAMP), + Ok(Some(Message { + cid, + cmd, + payload: payload.clone() + })) + ); } } }); diff --git a/src/lib.rs b/src/lib.rs index fe7bd4c2..0df6552d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -23,10 +23,6 @@ extern crate cbor; extern crate lang_items; extern crate libtock_core; extern crate libtock_drivers; -#[macro_use] -extern crate cbor; -#[macro_use] -extern crate arrayref; pub mod ctap; pub mod embedded_flash; From 6e8eecce59a59159d645a7b73c1b36df8dc186d9 Mon Sep 17 00:00:00 2001 
From: mingxguo27 Date: Thu, 17 Sep 2020 14:13:27 +0000 Subject: [PATCH 05/11] Resolved comments --- fuzz/Cargo.toml | 3 +-- .../fuzz_target_split_assemble.rs | 26 +++++-------------- 2 files changed, 8 insertions(+), 21 deletions(-) diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index ff092d55..f0b5abca 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -1,4 +1,3 @@ - [package] name = "ctap2-fuzz" version = "0.0.0" @@ -14,7 +13,7 @@ libfuzzer-sys = { version = "0.3"} arrayref = "0.3.6" libtock_drivers = { path = "../third_party/libtock-drivers" } crypto = { path = "../libraries/crypto", features = ['std'] } -cbor = { path = "../libraries/cbor"} +cbor = { path = "../libraries/cbor" } [dependencies.ctap2] path = ".." diff --git a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs index 02ec7f05..e3ebd504 100644 --- a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs +++ b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs @@ -15,10 +15,10 @@ const DUMMY_TIMESTAMP: Timestamp = Timestamp::from_ms(0); const PACKET_TYPE_MASK: u8 = 0x80; // Converts a byte slice into Message -fn raw_to_message(data: &[u8], len: usize) -> Message { - if len <= 4 { +fn raw_to_message(data: &[u8]) -> Message { + if data.len() <= 4 { let mut cid = [0; 4]; - cid[..len].copy_from_slice(data); + cid[..data.len()].copy_from_slice(data); Message { cid, cmd: 0, 
@@ -35,30 +35,18 @@ fn raw_to_message(data: &[u8], len: usize) -> Message { /* Fuzzing HID packets splitting and assembling functions*/ fuzz_target!(|data: &[u8]| { - let Message { - cid, - mut cmd, - payload, - } = raw_to_message(data, data.len()); - if let Some(hid_packet_iterator) = HidPacketIterator::new(Message { - cid, - cmd, - payload: payload.clone(), - }) { + let mut message = raw_to_message(data); + if let Some(hid_packet_iterator) = HidPacketIterator::new(message.clone()) { let mut assembler = MessageAssembler::new(); let packets: Vec = hid_packet_iterator.collect(); if let Some((last_packet, first_packets)) = packets.split_last() { for packet in first_packets { assert_eq!(assembler.parse_packet(packet, DUMMY_TIMESTAMP), Ok(None)); } - cmd = cmd & !PACKET_TYPE_MASK; + message.cmd &= !PACKET_TYPE_MASK; assert_eq!( assembler.parse_packet(last_packet, DUMMY_TIMESTAMP), - Ok(Some(Message { - cid, - cmd, - payload: payload.clone() - })) + Ok(Some(message.clone())) ); } } From 6cab8aaa20a8e449367e7975ea1b44b56371ef33 Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Thu, 17 Sep 2020 14:20:41 +0000 Subject: [PATCH 06/11] Resolved comments --- fuzz/fuzz_targets/fuzz_target_split_assemble.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs index e3ebd504..c655e84d 100644 --- a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs +++ b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs @@ -46,7 +46,7 @@ fuzz_target!(|data: &[u8]| { message.cmd &= !PACKET_TYPE_MASK; assert_eq!( assembler.parse_packet(last_packet, DUMMY_TIMESTAMP), - Ok(Some(message.clone())) + Ok(Some(message)) ); } } From d0a1f707bc49e516ea7fb5d1beeb81b04ee6a5ba Mon Sep 17 00:00:00 2001 
From: mingxguo27 Date: Tue, 22 Sep 2020 17:41:16 +0000 Subject: [PATCH 07/11] Fixed dependencies --- Cargo.toml | 1 - fuzz/Cargo.toml | 2 +- reproducible/reference_elf2tab_macos-10.15.txt | 4 ---- reproducible/reference_elf2tab_ubuntu-18.04.txt | 1 - src/ctap/storage.rs | 3 --- 5 files changed, 1 insertion(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 5978c2ac..a11d0f76 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,7 +28,6 @@ ram_storage = [] verbose = ["debug_ctap", "libtock_drivers/verbose_usb"] with_ctap1 = ["crypto/with_ctap1"] with_ctap2_1 = [] -fuzzing = [] [dev-dependencies] elf2tab = "0.6.0" diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index f0b5abca..ce96d471 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -17,7 +17,7 @@ cbor = { path = "../libraries/cbor" } [dependencies.ctap2] path = ".." -features = ['std', 'ram_storage', 'fuzzing'] +features = ['std', 'ram_storage'] # Prevent this from interfering with workspaces [workspace] diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index 2e198721..044cd282 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt @@ -21,7 +21,6 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 - ======================================== Board: nrf52840_dongle ---------------------------------------- @@ -45,7 +44,6 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 - ======================================== Board: nrf52840_dongle_dfu ---------------------------------------- @@ -69,7 +67,6 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 - ======================================== Board: nrf52840_mdk_dfu ---------------------------------------- @@ -93,4 +90,3 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 - 
diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt index 48959df4..18259cf5 100644 --- a/reproducible/reference_elf2tab_ubuntu-18.04.txt +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt @@ -18,7 +18,6 @@ TBF Header: init_fn_offset: 73 0x49 protected_size: 8 0x8 minimum_ram_size: 107428 0x1A3A4 - start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index f316a0fd..a4dcaf26 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -17,14 +17,11 @@ use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialS use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH; use crate::ctap::status_code::Ctap2StatusCode; use crate::ctap::{key_material, USE_BATCH_ATTESTATION}; -#[cfg(feature = "fuzzing")] use crate::embedded_flash::{self, StoreConfig, StoreEntry, StoreError}; use alloc::string::String; use alloc::vec::Vec; use core::convert::TryInto; use crypto::rng256::Rng256; -#[cfg(not(feature = "fuzzing"))] -use ctap2::embedded_flash::{self, StoreConfig, StoreEntry, StoreError}; #[cfg(any(test, feature = "ram_storage"))] type Storage = embedded_flash::BufferStorage; From 0aa489527c789c329c6c417d4d22e98f64263e3e Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Fri, 18 Sep 2020 12:00:12 +0000 Subject: [PATCH 08/11] Changed reproducible --- reproducible/reference_elf2tab_macos-10.15.txt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index 044cd282..490e6c11 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt 
@@ -2,7 +2,11 @@ Board: nrf52840dk ---------------------------------------- Creating "target/tab/thumbv7em-none-eabi.tbf" +<<<<<<< HEAD Min RAM size from segments in ELF: 20 bytes +======= +Min RAM size from sections in ELF: 20 bytes +>>>>>>> 716db1b (Changed reproducible) Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section @@ -21,11 +25,19 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 +<<<<<<< HEAD +======= + +>>>>>>> 716db1b (Changed reproducible) ======================================== Board: nrf52840_dongle ---------------------------------------- Creating "target/tab/thumbv7em-none-eabi.tbf" +<<<<<<< HEAD Min RAM size from segments in ELF: 20 bytes +======= +Min RAM size from sections in ELF: 20 bytes +>>>>>>> 716db1b (Changed reproducible) Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section @@ -44,6 +56,10 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 +<<<<<<< HEAD +======= + +>>>>>>> 716db1b (Changed reproducible) ======================================== Board: nrf52840_dongle_dfu ---------------------------------------- From ddfa1ba8fd7c88185c37871095fbdd710de9fdd8 Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Tue, 22 Sep 2020 18:04:56 +0000 Subject: [PATCH 09/11] Changed reproducible --- reproducible/reference_elf2tab_macos-10.15.txt | 16 ++-------------- reproducible/reference_elf2tab_ubuntu-18.04.txt | 1 + 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index 490e6c11..2e198721 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt 
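Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 716db1b (Changed reproducible)`) are committed into reproducible/reference_elf2tab_macos-10.15.txt by all three hunks on this line, so the reference no longer matches any real elf2tab output and whatever compares against it presumably fails; patch 09 removes them again. Since this file exists precisely to detect drift in the build output, a cheap guard is a CI step that rejects tracked files containing a line starting with `<<<<<<< ` or `>>>>>>> ` (git's `diff --check` on the pushed range reports these too), which would have caught this before the follow-up commit was needed.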
@@ -2,11 +2,7 @@ Board: nrf52840dk ---------------------------------------- Creating "target/tab/thumbv7em-none-eabi.tbf" -<<<<<<< HEAD Min RAM size from segments in ELF: 20 bytes -======= -Min RAM size from sections in ELF: 20 bytes ->>>>>>> 716db1b (Changed reproducible) Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section @@ -25,19 +21,12 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 -<<<<<<< HEAD -======= ->>>>>>> 716db1b (Changed reproducible) ======================================== Board: nrf52840_dongle ---------------------------------------- Creating "target/tab/thumbv7em-none-eabi.tbf" -<<<<<<< HEAD Min RAM size from segments in ELF: 20 bytes -======= -Min RAM size from sections in ELF: 20 bytes ->>>>>>> 716db1b (Changed reproducible) Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section @@ -56,10 +45,7 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 -<<<<<<< HEAD -======= ->>>>>>> 716db1b (Changed reproducible) ======================================== Board: nrf52840_dongle_dfu ---------------------------------------- @@ -83,6 +69,7 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 + ======================================== Board: nrf52840_mdk_dfu ---------------------------------------- @@ -106,3 +93,4 @@ TBF Header: start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 + diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt index 18259cf5..48959df4 100644 --- a/reproducible/reference_elf2tab_ubuntu-18.04.txt +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt 
@@ -18,6 +18,7 @@ TBF Header: init_fn_offset: 73 0x49 protected_size: 8 0x8 minimum_ram_size: 107428 0x1A3A4 + start_process_ram: 4294967295 0xFFFFFFFF start_process_flash: 262208 0x40040 From ed8308df385e84ebb88239c7c45b6b2ad57aeaa7 Mon Sep 17 00:00:00 2001 From: mingxguo27 Date: Tue, 22 Sep 2020 18:45:19 +0000 Subject: [PATCH 10/11] Reversed changes --- src/ctap/storage.rs | 1 + third_party/lang-items/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index a4dcaf26..de5eb038 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -11,6 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. + #[cfg(feature = "with_ctap2_1")] use crate::ctap::data_formats::{extract_array, extract_text_string}; use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialSource}; diff --git a/third_party/lang-items/Cargo.toml b/third_party/lang-items/Cargo.toml index eb1fa2e7..39ffbf03 100644 --- a/third_party/lang-items/Cargo.toml +++ b/third_party/lang-items/Cargo.toml @@ -9,7 +9,7 @@ license = "MIT/Apache-2.0" edition = "2018" [dependencies] -libtock_core = { path = "../../third_party/libtock-rs/core", default-features = false, features = ["custom_panic_handler", "custom_alloc_error_handler"] } +libtock_core = { path = "../../third_party/libtock-rs/core", default-features = false, features = ["alloc_init", "custom_panic_handler", "custom_alloc_error_handler"] } libtock_drivers = { path = "../libtock-drivers" } linked_list_allocator = { version = "0.8.1", default-features = false } From e467026e6fc29b7b8616181f5f3815fec33eab4c Mon Sep 17 00:00:00 2001 
From: mingxguo27 Date: Wed, 23 Sep 2020 15:08:40 +0000 Subject: [PATCH 11/11] Added git workflow and shell script for fuzzing --- .github/workflows/cargo_fuzz.yml | 32 ++++++++++++++++++++++++++++++++ fuzzing_setup.sh | 23 +++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 .github/workflows/cargo_fuzz.yml create mode 100755 fuzzing_setup.sh diff --git a/.github/workflows/cargo_fuzz.yml b/.github/workflows/cargo_fuzz.yml new file mode 100644 index 00000000..b6867c83 --- /dev/null +++ b/.github/workflows/cargo_fuzz.yml @@ -0,0 +1,32 @@ +--- +name: Cargo fuzz build +on: + push: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + build_fuzzing: + strategy: + matrix: + os: [ubuntu-18.04, macos-10.15] + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v2 + with: + submodules: "true" + - uses: actions-rs/toolchain@v1 + with: + target: thumbv7em-none-eabi + - uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Install Python dependencies + run: python -m pip install --upgrade pip setuptools wheel + - name: Set up OpenSK + run: ./setup.sh + - name: Set up fuzzing + run: ./fuzzing_setup.sh + + - name: Cargo fuzz build + run: cargo fuzz build diff --git a/fuzzing_setup.sh b/fuzzing_setup.sh new file mode 100755 index 00000000..66edabbe --- /dev/null +++ b/fuzzing_setup.sh 
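Review bot: The new workflow stops at `cargo fuzz build`, so a target that compiles but panics on its first input is not caught by CI; a short smoke run after the build step, e.g. `- name: Cargo fuzz smoke run` with `run: cargo fuzz run fuzz_target_split_assemble -- -runs=10000`, gives the harness itself a basic check at little cost. cargo-fuzz also requires a nightly toolchain, and the `actions-rs/toolchain@v1` step names only the target, so it is relying on a rust-toolchain file elsewhere in the repository to select one — worth a one-line comment in the workflow so the dependency is not lost when that step is edited.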
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Ensure the script doesn't fail on Github workflows
+export TERM=${TERM:-vt100}
+done_text="$(tput bold)DONE.$(tput sgr0)"
+
+set -e
+
+# Install cargo-fuzz library.
+cargo install cargo-fuzz
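Review bot: `cargo install cargo-fuzz` on the last line is unpinned, so every CI run and every developer installs whatever version is current on crates.io at that moment, which makes the fuzz build non-reproducible and lets an upstream release change what runs in CI without any change in this repository; pin it with something like `cargo install --locked cargo-fuzz --version <PINNED_VERSION>` (placeholder version) and bump deliberately. `done_text` is assigned but never used anywhere in this script (it looks copied from setup.sh), so either print it after the install completes or drop it together with the `tput` calls that only exist to build it.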