Added first fuzzing target

Cargo.toml

@@ -12,7 +12,7 @@ edition = "2018"
 [dependencies]
 libtock_core = { path = "third_party/libtock-rs/core" }
 libtock_drivers = { path = "third_party/libtock-drivers" }
-lang_items = { path = "third_party/lang-items" }
+#lang_items = { path = "third_party/lang-items" }
 cbor = { path = "libraries/cbor" }
 crypto = { path = "libraries/crypto" }
 byteorder = { version = "1", default-features = false }
@@ -20,14 +20,16 @@ arrayref = "0.3.6"
 subtle = { version = "2.2", default-features = false, features = ["nightly"] }
 
 [features]
-debug_allocations = ["lang_items/debug_allocations"]
+#debug_allocations = ["lang_items/debug_allocations"]
 debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"]
-panic_console = ["lang_items/panic_console"]
+#panic_console = ["lang_items/panic_console"]
-std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std"]
+std = ["cbor/std", "crypto/std", "crypto/derive_debug"]
+#, "lang_items/std"]
 ram_storage = []
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
 with_ctap2_1 = []
+fuzzing = []
 
 [dev-dependencies]
 elf2tab = "0.6.0"

fuzz/Cargo.toml

@@ -0,0 +1,31 @@
+
+[package]
+name = "ctap2-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = { version = "0.3"}
+arrayref = "0.3.6"
+libtock_drivers = { path = "../third_party/libtock-drivers" }
+crypto = { path = "../libraries/crypto", features = ['std'] }
+cbor = { path = "../libraries/cbor"}
+
+[dependencies.ctap2]
+path = ".."
+features = ['std', 'ram_storage', 'fuzzing']
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_target_split_assemble"
+path = "fuzz_targets/fuzz_target_split_assemble.rs"
+test = false
+doc = false

fuzz/fuzz_targets/fuzz_target_split_assemble.rs

@@ -0,0 +1,66 @@
+#![no_main]
+
+extern crate ctap2;
+extern crate libtock_drivers;
+#[macro_use]
+extern crate arrayref;
+
+use libfuzzer_sys::fuzz_target;
+use ctap2::ctap::hid::receive::MessageAssembler;
+use ctap2::ctap::hid::send::HidPacketIterator;
+use ctap2::ctap::hid::{Message, HidPacket};
+use libtock_drivers::timer::Timestamp;
+
+const DUMMY_TIMESTAMP: Timestamp<isize> = Timestamp::from_ms(0);
+const PACKET_TYPE_MASK: u8 = 0x80;
+
+// Converts a byte slice into Message
+fn raw_to_message(data: &[u8], len: usize) -> Message{
+    if len <= 4 {
+        let mut cid = [0;4];
+        cid[..len].copy_from_slice(data);
+        Message{
+            cid,
+            cmd: 0,
+            payload: vec![],
+        }
+    }
+    else if len == 5{
+        Message{
+            cid: array_ref!(data,0,4).clone(),
+            cmd: data[4],
+            payload: vec![],
+        }
+    }
+    else{
+        Message {
+            cid: array_ref!(data,0,4).clone(),
+            cmd: data[4],
+            payload: data[5..].to_vec(),
+        }
+    }
+}
+
+/* Fuzzing HID packets splitting and assembling functions*/
+fuzz_target!(|data: &[u8]| {
+    let Message{cid, mut cmd, payload} = raw_to_message(data, data.len());
+    if let Some(hid_packet_iterator) = HidPacketIterator::new(Message{cid,cmd,payload:payload.clone()}){
+        let packets: Vec<HidPacket> = hid_packet_iterator.collect();
+        let mut assembler = MessageAssembler::new();
+        for (i, packet) in packets.iter().enumerate(){
+            if i != packets.len() - 1 {
+                assert_eq!(
+                    assembler.parse_packet(packet, DUMMY_TIMESTAMP),
+                    Ok(None)
+                );
+            }
+            else{
+                cmd = cmd & !PACKET_TYPE_MASK;
+                assert_eq!(
+                    assembler.parse_packet(packet, DUMMY_TIMESTAMP),
+                    Ok(Some(Message{cid,cmd,payload:payload.clone()}))
+                );
+            }
+        }
+    }
+});