Add sturctured get assertion and client pin fuzzers (#482)

2022-05-27 10:34:38 +08:00
parent 4cfc5f57d4
commit 85fe9cd29d
6 changed files with 45 additions and 6 deletions
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -36,12 +36,24 @@ path = "fuzz_targets/fuzz_target_process_ctap2_client_pin.rs"
 test = false
 doc = false

+[[bin]]
+name = "fuzz_target_process_ctap2_client_pin_structured"
+path = "fuzz_targets/fuzz_target_process_ctap2_client_pin_structured.rs"
+test = false
+doc = false
+
 [[bin]]
 name = "fuzz_target_process_ctap2_get_assertion"
 path = "fuzz_targets/fuzz_target_process_ctap2_get_assertion.rs"
 test = false
 doc = false

+[[bin]]
+name = "fuzz_target_process_ctap2_get_assertion_structured"
+path = "fuzz_targets/fuzz_target_process_ctap2_get_assertion_structured.rs"
+test = false
+doc = false
+
 [[bin]]
 name = "fuzz_target_process_ctap2_make_credential"
 path = "fuzz_targets/fuzz_target_process_ctap2_make_credential.rs"
--- a/fuzz/fuzz_helper/src/lib.rs
+++ b/fuzz/fuzz_helper/src/lib.rs
@@ -239,12 +239,12 @@ pub fn process_ctap_structured(data: &[u8], input_type: InputType) -> FuzzResult
        InputType::CborMakeCredentialParameter => Command::AuthenticatorMakeCredential(
            AuthenticatorMakeCredentialParameters::arbitrary(unstructured)?,
        ),
-        InputType::CborGetAssertionParameter => {
-            unimplemented!()
-        }
-        InputType::CborClientPinParameter => {
-            unimplemented!()
-        }
+        InputType::CborGetAssertionParameter => Command::AuthenticatorGetAssertion(
+            AuthenticatorGetAssertionParameters::arbitrary(unstructured)?,
+        ),
+        InputType::CborClientPinParameter => Command::AuthenticatorClientPin(
+            AuthenticatorClientPinParameters::arbitrary(unstructured)?,
+        ),
        InputType::Ctap1 => {
            unimplemented!()
        }
--- a/fuzz/fuzz_targets/fuzz_target_process_ctap2_client_pin_structured.rs
+++ b/fuzz/fuzz_targets/fuzz_target_process_ctap2_client_pin_structured.rs
@@ -0,0 +1,10 @@
+#![no_main]
+
+use fuzz_helper::{process_ctap_structured, InputType};
+use libfuzzer_sys::fuzz_target;
+
+// Fuzz inputs as CTAP2 client pin command parameters.
+// The inputs will used to construct arbitrary client pin parameters.
+fuzz_target!(|data: &[u8]| {
+    process_ctap_structured(data, InputType::CborClientPinParameter).ok();
+});
--- a/fuzz/fuzz_targets/fuzz_target_process_ctap2_get_assertion_structured.rs
+++ b/fuzz/fuzz_targets/fuzz_target_process_ctap2_get_assertion_structured.rs
@@ -0,0 +1,10 @@
+#![no_main]
+
+use fuzz_helper::{process_ctap_structured, InputType};
+use libfuzzer_sys::fuzz_target;
+
+// Fuzz inputs as CTAP2 get assertion command parameters.
+// The inputs will used to construct arbitrary get assertion parameters.
+fuzz_target!(|data: &[u8]| {
+    process_ctap_structured(data, InputType::CborGetAssertionParameter).ok();
+});
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -246,6 +246,7 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
 }

 #[derive(Debug, PartialEq, Eq)]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub struct AuthenticatorGetAssertionParameters {
    pub rp_id: String,
    pub client_data_hash: Vec<u8>,
@@ -317,6 +318,7 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
 }

 #[derive(Clone, Debug, PartialEq, Eq)]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub struct AuthenticatorClientPinParameters {
    pub pin_uv_auth_protocol: PinUvAuthProtocol,
    pub sub_command: ClientPinSubCommand,
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -327,6 +327,7 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
 }

 #[derive(Clone, Debug, Default, PartialEq, Eq)]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub struct GetAssertionExtensions {
    pub hmac_secret: Option<GetAssertionHmacSecretInput>,
    pub cred_blob: bool,
@@ -364,6 +365,7 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
 }

 #[derive(Clone, Debug, PartialEq, Eq)]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub struct GetAssertionHmacSecretInput {
    pub key_agreement: CoseKey,
    pub salt_enc: Vec<u8>,
@@ -437,6 +439,7 @@ impl TryFrom<cbor::Value> for MakeCredentialOptions {
 }

 #[derive(Debug, PartialEq, Eq)]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub struct GetAssertionOptions {
    pub up: bool,
    pub uv: bool,
@@ -723,6 +726,7 @@ impl PublicKeyCredentialSource {

 // The COSE key is used for both ECDH and ECDSA public keys for transmission.
 #[derive(Clone, Debug, PartialEq, Eq)]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub struct CoseKey {
    x_bytes: [u8; ecdh::NBYTES],
    y_bytes: [u8; ecdh::NBYTES],
@@ -976,6 +980,7 @@ impl TryFrom<cbor::Value> for PinUvAuthProtocol {

 #[derive(Clone, Debug, PartialEq, Eq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
+#[cfg_attr(feature = "fuzz", derive(Arbitrary))]
 pub enum ClientPinSubCommand {
    GetPinRetries = 0x01,
    GetKeyAgreement = 0x02,