xref: /freebsd/contrib/libfido2/fuzz/mutator_aux.h (revision f3065e767def62d9b593dd7528c0eb121a7e1439)
1 /*
2  * Copyright (c) 2019-2021 Yubico AB. All rights reserved.
3  * Use of this source code is governed by a BSD-style
4  * license that can be found in the LICENSE file.
5  */
6 
7 #ifndef _MUTATOR_AUX_H
8 #define _MUTATOR_AUX_H
9 
10 #include <stddef.h>
11 #include <stdint.h>
12 #include <cbor.h>
13 
14 #include "../src/fido.h"
15 #include "../src/fido/bio.h"
16 #include "../src/fido/config.h"
17 #include "../src/fido/credman.h"
18 #include "../src/fido/eddsa.h"
19 #include "../src/fido/es256.h"
20 #include "../src/fido/es256.h"
21 #include "../src/fido/rs256.h"
22 #include "../src/netlink.h"
23 
24 /*
25  * As of LLVM 10.0.0, MSAN support in libFuzzer was still experimental.
26  * We therefore have to be careful when using our custom mutator, or
27  * MSAN will flag uninitialised reads on memory populated by libFuzzer.
28  * Since there is no way to suppress MSAN without regenerating object
29  * code (in which case you might as well rebuild libFuzzer with MSAN),
30  * we adjust our mutator to make it less accurate while allowing
31  * fuzzing to proceed.
32  */
33 
/*
 * Detect a MemorySanitizer build. defined(__has_feature) is tested first so
 * that a preprocessor without __has_feature never evaluates the inner #if.
 */
#if defined(__has_feature)
# if  __has_feature(memory_sanitizer)
#  include <sanitizer/msan_interface.h>
/* Function attribute that switches off MSAN instrumentation. */
#  define NO_MSAN	__attribute__((no_sanitize("memory")))
/* Defined only in MSAN builds; tested below to pick the NO_MSAN fallback. */
#  define WITH_MSAN	1
# endif
#endif

/* Without MSAN, NO_MSAN expands to nothing so it can be used unconditionally. */
#if !defined(WITH_MSAN)
# define NO_MSAN
#endif
45 
/*
 * Bit flags, one distinct bit each so they can be OR-ed together.
 * NOTE(review): presumably these select which part of a fuzz input
 * mutate() may change -- confirm against the fuzz targets.
 */
#define MUTATE_SEED	0x01
#define MUTATE_PARAM	0x02
#define MUTATE_WIREDATA	0x04
/* Union of the three flags above (0x07). */
#define MUTATE_ALL	(MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA)

/*
 * Size limits. MAXBLOB is the capacity of struct blob's body array.
 * NOTE(review): MAXSTR looks like the buffer size assumed by the char *
 * helpers declared in this header (unpack_string, mutate_string), which
 * take no length argument -- confirm in the implementation before passing
 * a buffer of any other size.
 */
#define MAXSTR	1024
#define MAXBLOB	3600
53 
/*
 * Fixed-capacity byte buffer paired with a length field.
 * NOTE(review): nothing in the type enforces len <= MAXBLOB, so any code
 * that fills or reads a blob has to check that bound itself.
 */
struct blob {
	uint8_t body[MAXBLOB];	/* storage, MAXBLOB bytes */
	size_t len;		/* presumably the number of bytes in use -- confirm */
};
58 
/*
 * Incomplete type: only the tag is declared in this header, so users of it
 * can pass a struct param * around but cannot see its layout.
 */
struct param;

/*
 * Entry points operating on struct param.
 *
 * unpack()     takes a read-only byte buffer and its length and returns a
 *              struct param *. NOTE(review): whether NULL signals a parse
 *              failure and who frees the result is not visible here --
 *              check the return value and confirm ownership.
 * pack()       writes into a caller-supplied buffer of the given size and
 *              returns a size_t. NOTE(review): presumably the number of
 *              bytes written -- confirm.
 * pack_dummy() as pack(), but takes no struct param.
 * mutate()     modifies the struct param in place. NOTE(review): the two
 *              unsigned ints are named seed/flags on the assumption that the
 *              second carries MUTATE_* bits -- confirm.
 * test()       takes a read-only struct param and returns nothing.
 */
struct param *unpack(const uint8_t *ptr, size_t len);
size_t pack(uint8_t *ptr, size_t len, const struct param *p);
size_t pack_dummy(uint8_t *ptr, size_t len);
void mutate(struct param *p, unsigned int seed, unsigned int flags);
void test(const struct param *p);
66 
/*
 * consume() takes a read-only buffer with an explicit length; consume_str()
 * takes a NUL-terminated string. Neither returns a value.
 * NOTE(review): presumably both read every byte so that the sanitizers
 * check the memory handed to them -- confirm in the implementation.
 */
void consume(const void *ptr, size_t len);
void consume_str(const char *str);
69 
/*
 * CBOR decode helpers: each reads from a cbor_item_t and stores through the
 * output pointer.
 * NOTE(review): the int return convention is not visible in this header
 * (presumably 0 on success, -1 on failure) -- confirm, and do not use the
 * output when the call fails.
 * NOTE(review): unpack_string() receives no destination size, so the buffer
 * size is an implicit contract with the implementation (presumably MAXSTR
 * bytes including the terminator) -- confirm before calling it with a
 * smaller buffer.
 */
int unpack_blob(cbor_item_t *item, struct blob *out);
int unpack_byte(cbor_item_t *item, uint8_t *out);
int unpack_int(cbor_item_t *item, int *out);
int unpack_string(cbor_item_t *item, char *out);
74 
/*
 * CBOR encode helpers: each takes one value and returns a cbor_item_t *.
 * NOTE(review): failure signalling and ownership of the returned item are
 * not visible in this header; presumably NULL on failure and the caller
 * releases the item -- confirm, and check for NULL before use.
 */
cbor_item_t *pack_blob(const struct blob *in);
cbor_item_t *pack_byte(uint8_t value);
cbor_item_t *pack_int(int value);
cbor_item_t *pack_string(const char *str);
79 
/*
 * Per-type mutators: each takes a non-const pointer and returns nothing, so
 * any change is made in place.
 * NOTE(review): mutate_string() is given no buffer size; if the mutation
 * can lengthen the string, the buffer capacity is an implicit contract
 * (presumably MAXSTR bytes) -- confirm before passing a smaller buffer.
 * NOTE(review): presumably mutate_blob() keeps len within MAXBLOB -- confirm.
 */
void mutate_byte(uint8_t *byte);
void mutate_int(int *value);
void mutate_blob(struct blob *blob);
void mutate_string(char *str);
84 
/*
 * Descriptor I/O with read(2)/write(2)-shaped signatures.
 * NOTE(review): presumably these stand in for real descriptor I/O while
 * fuzzing -- confirm in the implementation.
 * ssize_t is not provided by <stddef.h> or <stdint.h>; this header relies on
 * one of its other includes to declare it.
 */
ssize_t fd_read(int fd, void *buf, size_t len);
ssize_t fd_write(int fd, const void *buf, size_t len);
87 
/*
 * open_dev() returns a fido_dev_t *.
 * NOTE(review): the meaning of the int argument is not visible in this
 * header; it is named nfc here as a guess -- confirm. Presumably NULL is
 * returned on failure, so check the result before use.
 *
 * set_wire_data() takes a read-only byte buffer and its length.
 * NOTE(review): whether the bytes are copied or the pointer is retained is
 * not visible here; keep the buffer alive for as long as the device may
 * read from it unless the implementation shows a copy.
 */
fido_dev_t *open_dev(int nfc);
void set_wire_data(const uint8_t *ptr, size_t len);
90 
/*
 * Clock and random-number helpers.
 * Despite its name, prng_uint32() is declared to return unsigned long, which
 * is wider than 32 bits on LP64 platforms.
 * NOTE(review): presumably prng_init() seeds a deterministic generator so
 * that fuzz runs are reproducible; such a generator is not suitable for
 * producing secrets -- confirm in the implementation.
 * NOTE(review): uniform_random()'s argument is named upper_bound on the
 * assumption that it limits the result; whether the bound is inclusive is
 * not visible here -- confirm.
 */
void fuzz_clock_reset(void);
void prng_init(unsigned long seed);
unsigned long prng_uint32(void);

uint32_t uniform_random(uint32_t upper_bound);
96 
97 #endif /* !_MUTATOR_AUX_H */
98