Coverage Report

Created: 2023-09-23 17:42

/libfido2/fuzz/mutator_aux.h
Line
Count
Source
1
/*
2
 * Copyright (c) 2019-2022 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 * SPDX-License-Identifier: BSD-2-Clause
6
 */
7
8
#ifndef _MUTATOR_AUX_H
9
#define _MUTATOR_AUX_H
10
11
#include <sys/types.h>
12
13
#include <stddef.h>
14
#include <stdint.h>
15
#include <cbor.h>
16
17
#include "../src/fido.h"
18
#include "../src/fido/bio.h"
19
#include "../src/fido/config.h"
20
#include "../src/fido/credman.h"
21
#include "../src/fido/eddsa.h"
22
#include "../src/fido/es256.h"
23
#include "../src/fido/es384.h"
24
#include "../src/fido/rs256.h"
25
#include "../src/netlink.h"
26
27
/*
28
 * As of LLVM 10.0.0, MSAN support in libFuzzer was still experimental.
29
 * We therefore have to be careful when using our custom mutator, or
30
 * MSAN will flag uninitialised reads on memory populated by libFuzzer.
31
 * Since there is no way to suppress MSAN without regenerating object
32
 * code (in which case you might as well rebuild libFuzzer with MSAN),
33
 * we adjust our mutator to make it less accurate while allowing
34
 * fuzzing to proceed.
35
 */
36
37
/*
 * MemorySanitizer detection.
 *
 * When the compiler provides __has_feature and reports memory_sanitizer,
 * NO_MSAN expands to the no_sanitize("memory") function attribute and
 * WITH_MSAN is defined to 1. Code marked NO_MSAN is left uninstrumented,
 * so uninitialised reads inside it are not reported.
 */
#if defined(__has_feature)
38
# if  __has_feature(memory_sanitizer)
39
#  include <sanitizer/msan_interface.h>
40
#  define NO_MSAN       __attribute__((no_sanitize("memory")))
41
#  define WITH_MSAN     1
42
# endif
43
#endif
44
45
/*
 * Non-MSan build, or a compiler without __has_feature: NO_MSAN expands
 * to nothing, so it can be attached to declarations unconditionally.
 */
#if !defined(WITH_MSAN)
46
# define NO_MSAN
47
#endif
48
49
/*
 * Mutation selectors. Each value is a distinct bit and MUTATE_ALL is the
 * union of the three. Presumably these form the flag mask accepted by
 * mutate() -- confirm against the definition.
 */
#define MUTATE_SEED     0x01
50
#define MUTATE_PARAM    0x02
51
#define MUTATE_WIREDATA 0x04
52
#define MUTATE_ALL      (MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA)
53
54
/*
 * Fixed size limits, in bytes. MAXBLOB is the capacity of struct blob's
 * body[] array declared below. MAXSTR and MAXCORPUS are not referenced in
 * this header; presumably they bound string parameters and the packed
 * corpus entry respectively -- confirm against the users.
 */
#define MAXSTR          1024
55
#define MAXBLOB         3600
56
#define MAXCORPUS       8192
57
58
/*
 * Device handle constants. Read as big-endian ASCII the values spell
 * "hid!" and "nfc!". How they are consumed is not visible in this header.
 */
#define HID_DEV_HANDLE  0x68696421
59
1.65k
#define NFC_DEV_HANDLE  0x6e666321
60
61
/*
 * Fixed-capacity byte buffer carried by value (no heap pointer).
 *
 * NOTE(review): nothing in this header enforces len <= MAXBLOB. Any code
 * that fills a blob from fuzzer-controlled data, or reads len bytes out
 * of body, presumably has to check the bound itself -- confirm in the
 * pack/unpack/mutate implementations.
 */
struct blob {
62
        uint8_t body[MAXBLOB]; /* inline storage, MAXBLOB bytes */
63
        size_t len; /* presumably the count of valid bytes in body -- confirm */
64
};
65
66
/*
 * Opaque in this header: only pointers to struct param appear below, so
 * the layout is presumably supplied by each fuzz target -- confirm.
 */
struct param;
67
68
/*
 * Harness entry points. The prototypes carry no parameter names, so the
 * notes here are limited to what the types show:
 *
 *   unpack()     - byte buffer + length in, struct param * out.
 *                  Ownership of the returned pointer and the failure
 *                  value (presumably NULL) are not stated -- confirm.
 *   pack()       - output buffer + size + param in, size_t out
 *                  (presumably bytes written, 0 on failure -- confirm).
 *   pack_dummy() - output buffer + size in, size_t out.
 *   mutate()     - param plus two unsigned ints. The two cannot be told
 *                  apart from the prototype (presumably a seed and a
 *                  MUTATE_* mask); callers should check the definition
 *                  before passing them, since a swap would compile.
 *   test()       - read-only param in, no result.
 */
struct param *unpack(const uint8_t *, size_t);
69
size_t pack(uint8_t *, size_t, const struct param *);
70
size_t pack_dummy(uint8_t *, size_t);
71
void mutate(struct param *, unsigned int, unsigned int);
72
void test(const struct param *);
73
74
/*
 * Take a read-only buffer (pointer + length) or a C string and return
 * nothing. Presumably these touch every byte so that sanitizers validate
 * memory handed back by the library -- confirm against the definition.
 */
void consume(const void *, size_t);
75
void consume_str(const char *);
76
77
/*
 * CBOR item -> C value decoders. Each writes through its second argument
 * and returns int (presumably 0 on success and -1 on failure -- confirm).
 *
 * NOTE(review): unpack_string() receives a bare char * with no capacity
 * argument, so the destination size is an implicit contract between
 * caller and callee (presumably MAXSTR bytes including the terminator).
 * Confirm that the definition rejects longer input and that every caller
 * passes a buffer of that size. unpack_blob() has the same dependency on
 * MAXBLOB via struct blob.
 */
int unpack_blob(cbor_item_t *, struct blob *);
78
int unpack_byte(cbor_item_t *, uint8_t *);
79
int unpack_int(cbor_item_t *, int *);
80
int unpack_string(cbor_item_t *, char *);
81
82
/*
 * C value -> CBOR item encoders, the counterparts of the unpack_*()
 * declarations above. Each returns a cbor_item_t *; the failure value
 * (presumably NULL) and who releases the returned item are not stated in
 * this header -- confirm against the definitions.
 */
cbor_item_t *pack_blob(const struct blob *);
83
cbor_item_t *pack_byte(uint8_t);
84
cbor_item_t *pack_int(int);
85
cbor_item_t *pack_string(const char *);
86
87
/*
 * In-place mutators for the four field types used by the pack/unpack
 * helpers; each takes a pointer to the value and returns nothing.
 *
 * NOTE(review): mutate_string() takes a char * without a capacity, so a
 * mutation that lengthens the string relies on an implicit buffer size
 * (presumably MAXSTR) -- confirm in the definition. mutate_blob() is
 * bounded by struct blob's MAXBLOB-byte body only if it keeps len in
 * range -- confirm.
 */
void mutate_byte(uint8_t *);
88
void mutate_int(int *);
89
void mutate_blob(struct blob *);
90
void mutate_string(char *);
91
92
/*
 * Descriptor I/O hooks with the same parameter and return types as
 * read(2) and write(2). Presumably the fuzzing harness substitutes these
 * for real descriptor I/O -- confirm where they are wired in.
 */
ssize_t fd_read(int, void *, size_t);
93
ssize_t fd_write(int, const void *, size_t);
94
95
/*
 * NFC I/O hooks taking an opaque handle, a byte buffer and its size.
 * nfc_read() has a trailing int (presumably a timeout -- confirm). The
 * parameter lists match the first two function-pointer parameters of
 * set_pcsc_io_functions() declared in this header, apart from the
 * u_char / unsigned char spelling.
 */
int nfc_read(void *, unsigned char *, size_t, int);
96
int nfc_write(void *, const unsigned char *, size_t);
97
98
/*
 * open_dev() returns a fido_dev_t *. The meaning of its int argument is
 * not visible here (the HID/NFC handle constants above suggest a
 * transport choice -- confirm), nor is the failure value or who closes
 * the device. set_wire_data() takes a read-only buffer and its length,
 * presumably the bytes later served to the library as device responses
 * -- confirm.
 */
fido_dev_t *open_dev(int);
99
void set_wire_data(const uint8_t *, size_t);
100
101
/*
 * Clock and PRNG control for the harness. Presumably these exist to keep
 * runs reproducible from a given seed -- confirm.
 *
 * NOTE(review): prng_uint32() is declared to return unsigned long, which
 * is wider than 32 bits on LP64 targets. Callers that store the result
 * in a uint32_t rely on the value fitting in 32 bits -- confirm the
 * definition guarantees it.
 */
void fuzz_clock_reset(void);
102
void prng_init(unsigned long);
103
unsigned long prng_uint32(void);
104
105
/*
 * Takes and returns a uint32_t. Presumably returns a value below the
 * given upper bound, in the manner of arc4random_uniform() -- confirm,
 * including the behaviour for an argument of 0.
 */
uniform_random(uint32_t);
106
107
/*
 * PC/SC harness configuration.
 *
 * set_pcsc_parameters() takes a read-only blob; what it encodes is not
 * visible here. set_pcsc_io_functions() registers three callbacks: a
 * read-shaped and a write-shaped function matching nfc_read()/nfc_write()
 * in this header, and a (const void *, size_t) function matching
 * consume(). Whether NULL callbacks are accepted is not stated --
 * confirm against the definition.
 */
void set_pcsc_parameters(const struct blob *);
108
void set_pcsc_io_functions(int (*)(void *, u_char *, size_t, int),
109
    int (*)(void *, const u_char *, size_t), void (*)(const void *, size_t));
110
111
#endif /* !_MUTATOR_AUX_H */