summaryrefslogtreecommitdiff
path: root/fuzz/u2f_fuzz.cc
diff options
context:
space:
mode:
Diffstat (limited to 'fuzz/u2f_fuzz.cc')
-rw-r--r--fuzz/u2f_fuzz.cc240
1 files changed, 0 insertions, 240 deletions
diff --git a/fuzz/u2f_fuzz.cc b/fuzz/u2f_fuzz.cc
deleted file mode 100644
index 356301e52a..0000000000
--- a/fuzz/u2f_fuzz.cc
+++ /dev/null
@@ -1,240 +0,0 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include <fuzzer/FuzzedDataProvider.h>
-
-#include <cstdint>
-#include <memory>
-#include <string>
-#include <vector>
-
-#define HIDE_EC_STDLIB
-extern "C" {
-#include "physical_presence.h"
-#include "u2f_cmds.h"
-#include "u2f_impl.h"
-#include "internal.h"
-}
-
-extern "C" {
-/******************************************************************************/
-/* Mock implementations of cr50 board.
- */
-int system_get_chip_unique_id(uint8_t **id)
-{
- return P256_NBYTES;
-}
-
-/******************************************************************************/
-/* Mock implementations of Dcrypto functionality.
- */
-int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
- const p256_int *pk_y, const p256_int *serial,
- const char *name, uint8_t *cert, const int n)
-{
- memset(cert, 1, n);
- return n;
-}
-
-enum dcrypto_result DCRYPTO_p256_key_from_bytes(
- p256_int *x, p256_int *y, p256_int *d,
- const uint8_t key_bytes[P256_NBYTES])
-{
- p256_int key;
-
- p256_from_bin(key_bytes, &key);
-
- // The actual condition for this function to fail happens rarely,
- // and not able to to control. So we assume it fails for some inputs
- // for fuzz purpose.
- if (P256_DIGIT(&key, 0) % 10 == 0) {
- return DCRYPTO_RETRY;
- }
-
- if (p256_lt_blinded(&key, &SECP256r1_nMin2) >= 0)
- return DCRYPTO_RETRY;
- p256_add_d(&key, 1, d);
- if (x == NULL || y == NULL)
- return DCRYPTO_OK;
- memset(x, 0, P256_NBYTES);
- memset(y, 0, P256_NBYTES);
- return DCRYPTO_OK;
-}
-
-enum dcrypto_result dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg,
- const p256_int *key,
- const p256_int *message,
- p256_int *r, p256_int *s)
-{
- memset(r, 0, sizeof(p256_int));
- memset(s, 0, sizeof(p256_int));
- return DCRYPTO_OK;
-}
-
-/******************************************************************************/
-/* Mock implementations of U2F functionality.
- */
-static struct u2f_state ustate;
-struct u2f_state *u2f_get_state(void)
-{
- return &ustate;
-}
-
-static enum touch_state tstate;
-enum touch_state pop_check_presence(int consume)
-{
- return tstate;
-}
-
-uint8_t buffer[512];
-
-int test_fuzz_one_input(const uint8_t *data, unsigned int size)
-{
- FuzzedDataProvider data_provider(data, size);
-
- if (data_provider.ConsumeBool()) {
- ustate.drbg_entropy_size = 64;
- } else {
- ustate.drbg_entropy_size = 32;
- }
-
- if (data_provider.ConsumeBool()) {
- tstate = POP_TOUCH_YES;
- } else {
- tstate = POP_TOUCH_NO;
- }
-
- while (data_provider.remaining_bytes() > 0) {
- std::vector<uint8_t> bytes;
- int command_num = data_provider.ConsumeIntegralInRange(0, 2);
- size_t request_size, response_size;
- struct u2f_generate_req *generate_req;
- struct u2f_generate_resp *resp;
- struct u2f_generate_versioned_resp *versioned_resp;
- struct u2f_sign_req *sign_req;
- struct u2f_sign_versioned_req *sign_versioned_req;
- struct u2f_attest_req *attest_req;
- struct g2f_register_msg *g2f_msg;
- uint8_t appId[U2F_APPID_SIZE];
- uint8_t userSecret[U2F_USER_SECRET_SIZE];
- uint8_t flags;
- struct u2f_key_handle kh;
- struct u2f_versioned_key_handle versioned_kh;
- struct u2f_ec_point public_key;
- int kh_version;
- vendor_cmd_rc rc;
-
- switch (command_num) {
- case 0:
- bytes = data_provider.ConsumeBytes<uint8_t>(
- sizeof(struct u2f_generate_req));
- memcpy(buffer, bytes.data(), bytes.size());
- generate_req = (u2f_generate_req *)buffer;
- memcpy(appId, generate_req->appId, U2F_APPID_SIZE);
- memcpy(userSecret, generate_req->userSecret,
- U2F_USER_SECRET_SIZE);
- flags = generate_req->flags;
- response_size = 512;
- rc = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, buffer,
- sizeof(struct u2f_generate_req),
- &response_size);
- if (rc != VENDOR_RC_SUCCESS) {
- break;
- }
- kh_version = (response_size ==
- sizeof(struct u2f_generate_resp)) ?
- 0 :
- 1;
- if (!kh_version) {
- resp = (u2f_generate_resp *)buffer;
- kh = resp->keyHandle;
- public_key = resp->pubKey;
- sign_req = (u2f_sign_req *)buffer;
- memcpy(sign_req->appId, appId, U2F_APPID_SIZE);
- memcpy(sign_req->userSecret, userSecret,
- U2F_USER_SECRET_SIZE);
- sign_req->flags = flags;
- sign_req->keyHandle = kh;
- bytes = data_provider.ConsumeBytes<uint8_t>(
- U2F_P256_SIZE);
- memcpy(sign_req->hash, bytes.data(),
- bytes.size());
- request_size = sizeof(struct u2f_sign_req);
- } else {
- versioned_resp =
- (u2f_generate_versioned_resp *)buffer;
- versioned_kh = versioned_resp->keyHandle;
- sign_versioned_req =
- (u2f_sign_versioned_req *)buffer;
- memcpy(sign_versioned_req->appId, appId,
- U2F_APPID_SIZE);
- memcpy(sign_versioned_req->userSecret,
- userSecret, U2F_USER_SECRET_SIZE);
- sign_versioned_req->flags = flags;
- sign_versioned_req->keyHandle = versioned_kh;
- bytes = data_provider.ConsumeBytes<uint8_t>(
- U2F_P256_SIZE);
- memcpy(sign_versioned_req->hash, bytes.data(),
- bytes.size());
- request_size =
- sizeof(struct u2f_sign_versioned_req);
- }
- response_size = 512;
- u2f_sign_cmd(VENDOR_CC_U2F_SIGN, buffer, request_size,
- &response_size);
- if (!kh_version) {
- attest_req = (u2f_attest_req *)buffer;
- attest_req->format = U2F_ATTEST_FORMAT_REG_RESP;
- attest_req->dataLen =
- sizeof(struct g2f_register_msg);
- memcpy(attest_req->userSecret, userSecret,
- U2F_USER_SECRET_SIZE);
- g2f_msg = (g2f_register_msg *)attest_req->data;
- g2f_msg->reserved = 0;
- memcpy(g2f_msg->app_id, appId, U2F_APPID_SIZE);
- memcpy(g2f_msg->key_handle.hmac, kh.hmac,
- sizeof(kh.hmac));
- memcpy(g2f_msg->key_handle.origin_seed,
- kh.origin_seed, sizeof(kh.origin_seed));
- g2f_msg->public_key = public_key;
- bytes = data_provider.ConsumeBytes<uint8_t>(
- U2F_CHAL_SIZE);
- memcpy(g2f_msg->challenge, bytes.data(),
- bytes.size());
- response_size = 512;
- u2f_attest_cmd(VENDOR_CC_U2F_ATTEST, buffer,
- sizeof(struct u2f_attest_req),
- &response_size);
- }
- break;
- case 1: {
- bool is_versioned = data_provider.ConsumeBool();
- request_size =
- is_versioned ?
- sizeof(struct u2f_sign_versioned_req) :
- sizeof(struct u2f_sign_req);
- bytes = data_provider.ConsumeBytes<uint8_t>(
- request_size);
- memcpy(buffer, bytes.data(), bytes.size());
- response_size = 512;
- u2f_sign_cmd(VENDOR_CC_U2F_SIGN, buffer, request_size,
- &response_size);
- break;
- }
- case 2:
- auto str = data_provider.ConsumeRandomLengthString(256);
- memcpy(buffer, str.data(), str.size());
- attest_req = (u2f_attest_req *)buffer;
- attest_req->dataLen = sizeof(struct g2f_register_msg);
- response_size = 512;
- u2f_attest_cmd(VENDOR_CC_U2F_ATTEST, buffer, str.size(),
- &response_size);
- break;
- }
- break;
- }
- return 0;
-}
-} \ No newline at end of file
View Lorry Controller Status