diff --git a/Cargo.toml b/Cargo.toml
index a11d0f7..421dcb6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,7 +12,7 @@ edition = "2018"
 [dependencies]
 libtock_core = { path = "third_party/libtock-rs/core" }
 libtock_drivers = { path = "third_party/libtock-drivers" }
-lang_items = { path = "third_party/lang-items" }
+#lang_items = { path = "third_party/lang-items" }
 cbor = { path = "libraries/cbor" }
 crypto = { path = "libraries/crypto" }
 byteorder = { version = "1", default-features = false }
@@ -20,14 +20,16 @@ arrayref = "0.3.6"
 subtle = { version = "2.2", default-features = false, features = ["nightly"] }
 
 [features]
-debug_allocations = ["lang_items/debug_allocations"]
+#debug_allocations = ["lang_items/debug_allocations"]
 debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"]
-panic_console = ["lang_items/panic_console"]
-std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std"]
+#panic_console = ["lang_items/panic_console"]
+std = ["cbor/std", "crypto/std", "crypto/derive_debug"]
+#, "lang_items/std"]
 ram_storage = []
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
 with_ctap2_1 = []
+fuzzing = []
 
 [dev-dependencies]
 elf2tab = "0.6.0"
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000..ff092d5
--- /dev/null
+++ b/fuzz/Cargo.toml
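Review bot: The `lang_items` dependency and its three feature entries are commented out rather than removed, and the `std` feature is now followed by a dangling `#, "lang_items/std"]` fragment; the same pattern appears in both hunks of this file. If the goal is to drop `lang_items` only for the host/fuzzing build, keep the dependency and make it optional (`lang_items = { path = "third_party/lang-items", optional = true }`) behind a default feature that the fuzz crate turns off, since Cargo features are additive and `fuzzing = []` cannot remove a dependency. As committed, every build of the crate loses `lang_items`, which — if it supplies the panic handler or allocator for the `no_std` target, as its name suggests but this diff does not show — would break the device build. At minimum, delete the commented lines and add a comment on `fuzzing = []` stating what the feature gates.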
@@ -0,0 +1,31 @@
+
+[package]
+name = "ctap2-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = { version = "0.3"}
+arrayref = "0.3.6"
+libtock_drivers = { path = "../third_party/libtock-drivers" }
+crypto = { path = "../libraries/crypto", features = ['std'] }
+cbor = { path = "../libraries/cbor"}
+
+[dependencies.ctap2]
+path = ".."
+features = ['std', 'ram_storage', 'fuzzing']
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_target_split_assemble"
+path = "fuzz_targets/fuzz_target_split_assemble.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/fuzz_target_split_assemble.rs b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs
new file mode 100644
index 0000000..2c06ca0
--- /dev/null
+++ b/fuzz/fuzz_targets/fuzz_target_split_assemble.rs
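Review bot: `crypto` and `cbor` are declared as direct dependencies of the fuzz crate, but the only `[[bin]]` target, `fuzz_targets/fuzz_target_split_assemble.rs`, imports nothing from either; both already come in transitively through `ctap2`, so the two lines can be dropped unless a later target needs them. `crypto` is also given `features = ['std']` here while `ctap2`'s own `std` feature already enables `crypto/std`, so the duplicate only matters if the two ever diverge. A one-line comment above `[dependencies.ctap2]` saying why `ram_storage` and `fuzzing` are enabled (presumably a host build without persistent storage) would help the next reader.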
@@ -0,0 +1,66 @@
+#![no_main]
+
+extern crate ctap2;
+extern crate libtock_drivers;
+#[macro_use]
+extern crate arrayref;
+
+use libfuzzer_sys::fuzz_target;
+use ctap2::ctap::hid::receive::MessageAssembler;
+use ctap2::ctap::hid::send::HidPacketIterator;
+use ctap2::ctap::hid::{Message, HidPacket};
+use libtock_drivers::timer::Timestamp;
+
+const DUMMY_TIMESTAMP: Timestamp = Timestamp::from_ms(0);
+const PACKET_TYPE_MASK: u8 = 0x80;
+
+// Converts a byte slice into Message
+fn raw_to_message(data: &[u8], len: usize) -> Message{
+ if len <= 4 {
+ let mut cid = [0;4];
+ cid[..len].copy_from_slice(data);
+ Message{
+ cid,
+ cmd: 0,
+ payload: vec![],
+ }
+ }
+ else if len == 5{
+ Message{
+ cid: array_ref!(data,0,4).clone(),
+ cmd: data[4],
+ payload: vec![],
+ }
+ }
+ else{
+ Message {
+ cid: array_ref!(data,0,4).clone(),
+ cmd: data[4],
+ payload: data[5..].to_vec(),
+ }
+ }
+}
+
+/* Fuzzing HID packets splitting and assembling functions*/
+fuzz_target!(|data: &[u8]| {
+ let Message{cid, mut cmd, payload} = raw_to_message(data, data.len());
+ if let Some(hid_packet_iterator) = HidPacketIterator::new(Message{cid,cmd,payload:payload.clone()}){
+ let packets: Vec = hid_packet_iterator.collect();
+ let mut assembler = MessageAssembler::new();
+ for (i, packet) in packets.iter().enumerate(){
+ if i != packets.len() - 1 {
+ assert_eq!(
+ assembler.parse_packet(packet, DUMMY_TIMESTAMP),
+ Ok(None)
+ );
+ }
+ else{
+ cmd = cmd & !PACKET_TYPE_MASK;
+ assert_eq!(
+ assembler.parse_packet(packet, DUMMY_TIMESTAMP),
+ Ok(Some(Message{cid,cmd,payload:payload.clone()}))
+ );
+ }
+ }
+ }
+});
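Review bot: `raw_to_message` takes `len` separately from `data` even though its only caller passes `data.len()`, and `cid[..len].copy_from_slice(data)` panics the moment the two disagree; drop the parameter and derive the length inside (`fn raw_to_message(data: &[u8]) -> Message` with `let len = data.len();`). `let packets: Vec = hid_packet_iterator.collect();` carries no element type as rendered here — `HidPacket` is imported and otherwise unused, so the original is presumably `Vec<HidPacket>` and this is a rendering artefact, but it is worth confirming the file builds. `array_ref!(data,0,4).clone()` can be `*array_ref!(data, 0, 4)` since `[u8; 4]` is `Copy`, and `cmd = cmd & !PACKET_TYPE_MASK` reads better as `cmd &= !PACKET_TYPE_MASK`. Note that the harness only round-trips packets that `HidPacketIterator` itself produced, so `parse_packet`'s handling of malformed, truncated or out-of-sequence packets — the input a USB host actually controls — is not exercised; a second target that feeds raw fuzz bytes to `MessageAssembler` would cover that path.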