/*
 * Copyright (c) 2019-2022 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 * SPDX-License-Identifier: BSD-2-Clause
 */

#ifndef _MUTATOR_AUX_H
#define _MUTATOR_AUX_H

#include <sys/types.h>

#include <stddef.h>
#include <stdint.h>
#include <cbor.h>

#include "../src/fido.h"
#include "../src/fido/bio.h"
#include "../src/fido/config.h"
#include "../src/fido/credman.h"
#include "../src/fido/eddsa.h"
#include "../src/fido/es256.h"
#include "../src/fido/es384.h"
#include "../src/fido/rs256.h"
#include "../src/netlink.h"

/*
 * As of LLVM 10.0.0, MSAN support in libFuzzer was still experimental.
 * We therefore have to be careful when using our custom mutator, or
 * MSAN will flag uninitialised reads on memory populated by libFuzzer.
 * Since there is no way to suppress MSAN without regenerating object
 * code (in which case you might as well rebuild libFuzzer with MSAN),
 * we adjust our mutator to make it less accurate while allowing
 * fuzzing to proceed.
 */

/*
 * Compile-time MemorySanitizer detection.
 *
 * __has_feature is probed with defined() first, so a compiler that does
 * not provide it skips the nested __has_feature(...) test instead of
 * failing to parse it.
 */
#if defined(__has_feature)
# if  __has_feature(memory_sanitizer)
#  include <sanitizer/msan_interface.h>
/*
 * MSAN build: NO_MSAN is a function attribute that turns memory
 * sanitization off for the annotated function.
 * NOTE(review): every function carrying NO_MSAN loses uninitialised-read
 * detection, so the annotation is best kept to the mutator paths that
 * touch libFuzzer-populated memory -- confirm at the use sites.
 */
#  define NO_MSAN	__attribute__((no_sanitize("memory")))
/* Marker that MSAN is active; tested by the fallback just below. */
#  define WITH_MSAN	1
# endif
#endif

/* Non-MSAN build: NO_MSAN expands to nothing, so annotated code compiles unchanged. */
#if !defined(WITH_MSAN)
# define NO_MSAN
#endif

/*
 * Mutation selectors. Each one occupies its own bit so they can be
 * OR-ed into a mask.
 * NOTE(review): presumably passed as one of the unsigned int arguments
 * of mutate() -- confirm against its definition.
 */
#define MUTATE_SEED	(1 << 0)
#define MUTATE_PARAM	(1 << 1)
#define MUTATE_WIREDATA	(1 << 2)
/* Every selector above combined. */
#define MUTATE_ALL	(MUTATE_WIREDATA | MUTATE_PARAM | MUTATE_SEED)

/*
 * Size limits used by the harness.
 * MAXBLOB is the capacity of struct blob's body array.
 * NOTE(review): MAXSTR is presumably the capacity every char * buffer
 * handed to unpack_string()/mutate_string() must have, since those
 * functions take no length argument -- confirm against their definitions.
 * NOTE(review): MAXCORPUS presumably bounds the size of one packed
 * corpus entry -- confirm.
 */
#define MAXSTR		1024
#define MAXBLOB		3600
#define MAXCORPUS	8192

/*
 * Device handle values. The bytes spell "hid!" and "nfc!" in ASCII.
 * NOTE(review): presumably stand-ins for real device handles inside the
 * fuzzing I/O shims -- confirm.
 */
#define HID_DEV_HANDLE	0x68696421
#define NFC_DEV_HANDLE	0x6e666321

/*
 * Fixed-capacity byte buffer paired with a length field.
 * NOTE(review): len is presumably the number of valid bytes in body and
 * is expected to stay <= MAXBLOB; any code that sets len from decoded or
 * mutated input should enforce that bound before body is read or
 * written -- confirm in unpack_blob() and mutate_blob().
 */
struct blob {
	/* Inline storage; capacity is MAXBLOB bytes. */
	uint8_t body[MAXBLOB];
	/* Length associated with body (see the note above). */
	size_t len;
};

/* Only forward-declared here; the definition is not part of this header. */
struct param;

/*
 * Harness entry points that operate on struct param.
 * NOTE(review): the names suggest unpack() decodes a raw input buffer
 * into a struct param and pack() serialises one into a caller-supplied
 * buffer of the given size, returning a byte count -- confirm against
 * the definitions. The two unsigned int arguments of mutate() are
 * unnamed; one is presumably a MUTATE_* mask.
 */
struct param *unpack(const uint8_t *, size_t);
size_t pack(uint8_t *, size_t, const struct param *);
size_t pack_dummy(uint8_t *, size_t);
void mutate(struct param *, unsigned int, unsigned int);
void test(const struct param *);

/*
 * Sinks taking a read-only buffer (pointer plus length) or a C string.
 * NOTE(review): presumably they touch every byte so that sanitizers
 * observe reads of library output -- confirm.
 */
void consume(const void *, size_t);
void consume_str(const char *);

/*
 * Decoders from a cbor_item_t into a caller-provided destination.
 * NOTE(review): the int result presumably reports success or failure.
 * NOTE(review): unpack_string() receives a bare char * with no capacity
 * argument, so the destination size is an unstated contract (presumably
 * MAXSTR bytes); a smaller buffer at a call site would be overrun.
 */
int unpack_blob(cbor_item_t *, struct blob *);
int unpack_byte(cbor_item_t *, uint8_t *);
int unpack_int(cbor_item_t *, int *);
int unpack_string(cbor_item_t *, char *);

/*
 * Encoders returning a cbor_item_t pointer.
 * NOTE(review): failure signalling and ownership of the returned item
 * are not visible here -- check how callers handle a NULL result and
 * release the item.
 */
cbor_item_t *pack_blob(const struct blob *);
cbor_item_t *pack_byte(uint8_t);
cbor_item_t *pack_int(int);
cbor_item_t *pack_string(const char *);

/*
 * In-place mutators, one per field type.
 * NOTE(review): mutate_string() also has no length argument; it
 * presumably relies on the same fixed buffer size as unpack_string().
 */
void mutate_byte(uint8_t *);
void mutate_int(int *);
void mutate_blob(struct blob *);
void mutate_string(char *);

/* I/O shims whose signatures have the shape of read(2) and write(2). */
ssize_t fd_read(int, void *, size_t);
ssize_t fd_write(int, const void *, size_t);

/*
 * NFC I/O shims. Their parameter lists line up with the first two
 * function-pointer arguments of set_pcsc_io_functions() below (assuming
 * u_char is unsigned char).
 * NOTE(review): the trailing int of nfc_read() is presumably a timeout.
 */
int nfc_read(void *, unsigned char *, size_t, int);
int nfc_write(void *, const unsigned char *, size_t);

/*
 * Device setup for a fuzz run.
 * NOTE(review): set_wire_data() presumably installs the byte stream the
 * I/O shims hand back as device responses; the int taken by open_dev()
 * presumably selects the transport -- confirm.
 */
fido_dev_t *open_dev(int);
void set_wire_data(const uint8_t *, size_t);

/*
 * Clock reset and a seedable PRNG.
 * NOTE(review): presumably these keep a run reproducible from its seed;
 * the PRNG is a harness utility and should not be treated as a source
 * of cryptographic randomness.
 * NOTE(review): prng_uint32() returns unsigned long despite its name;
 * callers should not assume the full width of the type is populated.
 */
void fuzz_clock_reset(void);
void prng_init(unsigned long);
unsigned long prng_uint32(void);

/* NOTE(review): the argument is presumably an exclusive upper bound -- confirm. */
uint32_t uniform_random(uint32_t);

/*
 * PC/SC fuzzing hooks. The three callbacks have the signatures of
 * nfc_read(), nfc_write() and consume() declared above.
 */
void set_pcsc_parameters(const struct blob *);
void set_pcsc_io_functions(int (*)(void *, u_char *, size_t, int),
    int (*)(void *, const u_char *, size_t), void (*)(const void *, size_t));

#endif /* !_MUTATOR_AUX_H */