author | Ravi Jotwani <rjotwani@google.com> | 2020-08-20 18:42:35 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-20 18:42:35 -0700 |
commit | aa807fcd8a9f613bf08e076e6e932f108c3720b5 (patch) | |
tree | 28f9beb351795821c6e060b5fd66a512d1114dfa | |
parent | 038a3e272e9a2df45b279a7a294044d457481430 (diff) |
[pycryptodome] Additional Fuzzer (#4339)
* initial commit
* update build script, build failing
* add necessary environment variable definitions
* build working
* programmatically get system bits
* add md5 fuzzer
* fix style
* add fuzzers for two more hash functions
* testing dynamic includes
* build working
* clean up build script
* add aes fuzzer
* patch block_common to avoid build issues
* remove comments
* update patchfile location
* move patchfile again
* apply patch from subdirectory
* remove another comment
* change state type, use same data for encryption and decryption
-rw-r--r-- | projects/pycryptodome/Dockerfile | 3 | ||||
-rw-r--r-- | projects/pycryptodome/block_common.patch | 12 | ||||
-rwxr-xr-x | projects/pycryptodome/build.sh | 10 | ||||
-rw-r--r-- | projects/pycryptodome/pcd_aes_fuzzer.cc | 47 |
4 files changed, 69 insertions, 3 deletions
diff --git a/projects/pycryptodome/Dockerfile b/projects/pycryptodome/Dockerfile
index 58ab57c4..c8702f8a 100644
--- a/projects/pycryptodome/Dockerfile
+++ b/projects/pycryptodome/Dockerfile
@@ -17,5 +17,6 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y make autoconf automake libtool
 RUN git clone --depth 1 https://github.com/Legrandin/pycryptodome.git
-WORKDIR pycryptodome
+WORKDIR pycryptodome/src
 COPY build.sh *_fuzzer.cc $SRC/
+COPY block_common.patch $SRC/pycryptodome/src
diff --git a/projects/pycryptodome/block_common.patch b/projects/pycryptodome/block_common.patch
new file mode 100644
index 00000000..dd71b96e
--- /dev/null
+++ b/projects/pycryptodome/block_common.patch
@@ -0,0 +1,12 @@
+diff --git a/src/block_common.c b/src/block_common.c
+index 169200a6..c6da1f85 100644
+--- a/src/block_common.c
++++ b/src/block_common.c
+@@ -106,7 +106,7 @@ EXPORT_SYM int CIPHER_START_OPERATION(const uint8_t key[], size_t key_len, CIPHE
+ if ((key == NULL) || (pResult == NULL))
+ return ERR_NULL;
+ 
+- *pResult = calloc(1, sizeof(CIPHER_STATE_TYPE));
++ *pResult = (CIPHER_STATE_TYPE *) calloc(1, sizeof(CIPHER_STATE_TYPE));
+ if (NULL == *pResult)
+ return ERR_MEMORY;
diff --git a/projects/pycryptodome/build.sh b/projects/pycryptodome/build.sh
index ca97063a..4cdd4703 100755
--- a/projects/pycryptodome/build.sh
+++ b/projects/pycryptodome/build.sh
@@ -15,7 +15,9 @@
 #
 ################################################################################
 
-PCD_INTERNALS=(src/*.c src/libtom/*.c)
+patch block_common.c block_common.patch
+
+PCD_INTERNALS=(./*.c ./libtom/*.c)
 PCD_FLAGS=(
 "-I $SRC/pycryptodome/src"
 "-I $SRC/pycryptodome/src/libtom"
@@ -29,7 +31,7 @@ PCD_FLAGS=(
 $CC $CFLAGS \
 ${PCD_FLAGS[@]} \
 -c "${PCD_INTERNALS//'blake2.c'/}"
-ar -qc $WORK/libpycryptodome.a *.o
+ar -qc $WORK/libpycryptodome.a *.o
 
 PCD_HASH_OPTIONS=(
 "-D HASHTYPE=md2 -D FNAME=MD2.c -D DIGEST_SIZE=16 -o $OUT/md2_fuzzer"
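Review bot: The new `PCD_INTERNALS=(./*.c ./libtom/*.c)` is consumed three lines into the next hunk as `"${PCD_INTERNALS//'blake2.c'/}"`, and a bash pattern substitution on an array name without `[@]` operates on element 0 only, so unless I am misreading it a single source file is compiled and `libpycryptodome.a` ends up holding one object; the build still passes only because every harness `#include`s the .c it tests. Something like `-c ${PCD_INTERNALS[@]//*blake2.c/}` (unquoted, so the emptied blake2.c element disappears) would compile the whole set, and it is worth checking whether the quoted `'blake2.c'` pattern ever did what the author intended. The added `patch block_common.c block_common.patch` line has no failure handling; if the OSS-Fuzz compile wrapper does not run build.sh with `set -e`, a rejected hunk surfaces later as an opaque C++ error inside AES.c, so `patch -N block_common.c block_common.patch || exit 1` would fail fast and stay idempotent on re-runs. The Dockerfile clones `--depth 1` of an unpinned branch, so this one-line patch is against a moving target and will need watching.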
@@ -46,3 +48,7 @@ for ((i = 0; i < ${#PCD_HASH_OPTIONS[@]}; i++)); do
 $SRC/pcd_hash_fuzzer.cc ${PCD_HASH_OPTIONS[i]} \
 $LIB_FUZZING_ENGINE $WORK/libpycryptodome.a
 done
+
+$CXX $CXXFLAGS ${PCD_FLAGS[@]} \
+ $SRC/pcd_aes_fuzzer.cc -o $OUT/aes_fuzzer \
+ $LIB_FUZZING_ENGINE $WORK/libpycryptodome.a
diff --git a/projects/pycryptodome/pcd_aes_fuzzer.cc b/projects/pycryptodome/pcd_aes_fuzzer.cc
new file mode 100644
index 00000000..0586aa49
--- /dev/null
+++ b/projects/pycryptodome/pcd_aes_fuzzer.cc
@@ -0,0 +1,47 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "AES.c"
+#include "common.h"
+#include <fuzzer/FuzzedDataProvider.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ if (!size)
+ return 0;
+
+ enum KeySize { AES128 = 16, AES192 = 24, AES256 = 32, kMaxValue = AES256 };
+
+ FuzzedDataProvider stream(data, size);
+ const KeySize keySize = stream.ConsumeEnum<KeySize>();
+ if (stream.remaining_bytes() < keySize)
+ return 0;
+
+ std::vector<uint8_t> keyBuf = stream.ConsumeBytes<uint8_t>(keySize);
+ const uint8_t *key = keyBuf.data();
+
+ BlockBase *state;
+ if (AES_start_operation(key, keySize, reinterpret_cast<AES_State **>(&state)))
+ return 0;
+
+ uint8_t outEnc[size];
+ uint8_t outDec[size];
+
+ AES_encrypt(reinterpret_cast<BlockBase *>(state), data, outEnc, size);
+ AES_decrypt(reinterpret_cast<BlockBase *>(state), data, outDec, size);
+
+ AES_stop_operation(reinterpret_cast<BlockBase *>(state));
+
+ return 0;
+}
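Review bot: `stream.ConsumeEnum<KeySize>()` does not choose among the three enumerators; FuzzedDataProvider's ConsumeEnum draws any integer in [0, kMaxValue], so keySize ranges over 0..32 and only 3 of 33 draws are a legal AES key length, the rest bail out at AES_start_operation (and keySize 0 hands it `keyBuf.data()` of an empty vector, which may be null). Replace the enum with `static const size_t kKeySizes[] = {16, 24, 32};` and `const size_t keySize = stream.PickValueInArray(kKeySizes);`. Second, the harness has no oracle: AES_decrypt is run on the raw input rather than on outEnc, both return codes are dropped, and `uint8_t outEnc[size]` is a VLA sized by the input, a GNU extension in C++ that puts `size` bytes on the stack per run. I would encrypt whole blocks into a vector, decrypt that buffer, and trap when the round trip does not reproduce the plaintext, which needs `<cstdlib>` and `<cstring>` added to the includes. Whether the block API accepts a length that is not a multiple of 16 I cannot tell from here, so the sketch below truncates to whole blocks rather than assume.
```cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // … unchanged: empty-input guard …
  static const size_t kKeySizes[] = {16, 24, 32};
  FuzzedDataProvider stream(data, size);
  const size_t keySize = stream.PickValueInArray(kKeySizes);
  // … unchanged: key consumption, AES_start_operation …
  // Whole AES blocks only; decrypt(encrypt(x)) == x is the oracle, tail bytes are ignored.
  const size_t len = size - (size % 16);
  std::vector<uint8_t> outEnc(len), outDec(len);
  if (AES_encrypt(state, data, outEnc.data(), len) == 0 &&
      AES_decrypt(state, outEnc.data(), outDec.data(), len) == 0 &&
      memcmp(outDec.data(), data, len) != 0) {
    abort();  // round trip failed: surfaces as a crash to the fuzzer
  }
  AES_stop_operation(state);
```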