Bug: 1037793 Change-Id: Ia8148e61569e8b16cf6ae67dd136081c150b08ef Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2278059 Reviewed-by: Andrew Grieve <agrieve@chromium.org> Reviewed-by: danakj <danakj@chromium.org> Reviewed-by: Himanshu Jaju <himanshujaju@chromium.org> Reviewed-by: Alex Gough <ajgo@chromium.org> Commit-Queue: Alex Chau <alexchau@chromium.org> Cr-Commit-Position: refs/heads/master@{#786757}
Alex Chau
authored and
Commit Bot
committed
Jul 9, 2020
1 parent
e5c9378
commit ab64075
Showing
10 changed files
with
397 additions
and
0 deletions.
@@ -0,0 +1,59 @@ | ||
# Copyright 2020 The Chromium Authors. All rights reserved. | ||
# Use of this source code is governed by a BSD-style license that can be | ||
# found in the LICENSE file. | ||
|
||
import("//testing/libfuzzer/fuzzer_test.gni") | ||
|
||
# root BUILD depends on this target. Needed for package discovery | ||
group("fuzzers") { | ||
} | ||
|
||
fuzzer_test("d2d_connection_context_server_fuzzer") { | ||
sources = [ | ||
"d2d_connection_context_factory.cc", | ||
"d2d_connection_context_factory.h", | ||
"d2d_connection_context_server_fuzzer.cc", | ||
] | ||
deps = [ | ||
"//base", | ||
"//third_party/protobuf:protobuf_lite", | ||
"//third_party/ukey2", | ||
] | ||
} | ||
|
||
fuzzer_test("d2d_connection_context_client_fuzzer") { | ||
sources = [ | ||
"d2d_connection_context_client_fuzzer.cc", | ||
"d2d_connection_context_factory.cc", | ||
"d2d_connection_context_factory.h", | ||
] | ||
deps = [ | ||
"//base", | ||
"//third_party/protobuf:protobuf_lite", | ||
"//third_party/ukey2", | ||
] | ||
} | ||
|
||
fuzzer_test("ukey2_handshake_client_init_fuzzer") { | ||
sources = [ "ukey2_handshake_client_init_fuzzer.cc" ] | ||
deps = [ | ||
"//base", | ||
"//third_party/ukey2", | ||
] | ||
} | ||
|
||
fuzzer_test("ukey2_handshake_server_init_fuzzer") { | ||
sources = [ "ukey2_handshake_server_init_fuzzer.cc" ] | ||
deps = [ | ||
"//base", | ||
"//third_party/ukey2", | ||
] | ||
} | ||
|
||
fuzzer_test("ukey2_handshake_client_finish_fuzzer") { | ||
sources = [ "ukey2_handshake_client_finish_fuzzer.cc" ] | ||
deps = [ | ||
"//base", | ||
"//third_party/ukey2", | ||
] | ||
} |
@@ -0,0 +1,3 @@ | ||
include_rules = [ | ||
"+base", | ||
] |
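--- a/third_party/ukey2/fuzzers/d2d_connection_context_client_fuzzer.cc
+++ b/third_party/ukey2/fuzzers/d2d_connection_context_client_fuzzer.cc
@@ -0,0 +1,43 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <iostream>
+#include <memory>
+#include <string>
+
+#include "base/check.h"
+#include "base/logging.h"
+#include "base/no_destructor.h"
+#include "third_party/protobuf/src/google/protobuf/stubs/logging.h"
+#include "third_party/ukey2/fuzzers/d2d_connection_context_factory.h"
+
+// Disable noisy logging in protobuf.
+google::protobuf::LogSilencer log_silencer;
+
+struct Environment {
+Environment() {
+// Disable noisy logging as per "libFuzzer in Chrome" documentation:
+// testing/libfuzzer/getting_started.md#Disable-noisy-error-message-logging.
+logging::SetMinLogLevel(logging::LOG_FATAL);
+// Disable noisy logging in securemessage.
+std::cerr.setstate(std::ios_base::failbit);
+
+// Create instance once to be reused between fuzzing rounds.
+client_context = securegcm::CreateClientContext();
+CHECK(client_context);
+}
+
+std::unique_ptr<securegcm::D2DConnectionContextV1> client_context;
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+static base::NoDestructor<Environment> environment;
+
+std::string buffer(data, data + size);
+environment->client_context->DecodeMessageFromPeer(buffer);
+
+return 0;
+}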
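Review bot: `LLVMFuzzerTestOneInput` feeds every input to one long-lived `client_context` whose keys come from the handshake that `CreateClientContext()` runs at startup. If that handshake derives fresh key material in each process (not visible in this section), no corpus entry can carry a valid MAC from one run to the next, so the target probably only reaches the parsing that `DecodeMessageFromPeer` does before verification. A comment in `Environment` stating that scope would help, for example `// Session keys differ per process; only pre-authentication parsing is expected to be reachable.`. The same applies to `d2d_connection_context_server_fuzzer.cc`.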
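--- a/third_party/ukey2/fuzzers/d2d_connection_context_factory.cc
+++ b/third_party/ukey2/fuzzers/d2d_connection_context_factory.cc
@@ -0,0 +1,85 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "third_party/ukey2/fuzzers/d2d_connection_context_factory.h"
+
+#include <string>
+
+#include "base/check.h"
+#include "third_party/ukey2/src/src/main/cpp/include/securegcm/ukey2_handshake.h"
+
+namespace securegcm {
+
+namespace {
+
+const securegcm::UKey2Handshake::HandshakeCipher kCipher =
+securegcm::UKey2Handshake::HandshakeCipher::P256_SHA512;
+// Arbitrary chosen length as verification string is discarded regardless.
+const int32_t kMaxUkey2VerificationStringLength = 32;
+
+void PerformHandshake(UKey2Handshake* server, UKey2Handshake* client) {
+std::unique_ptr<std::string> client_init = client->GetNextHandshakeMessage();
+CHECK(client_init) << client->GetLastError();
+
+UKey2Handshake::ParseResult parse_result =
+server->ParseHandshakeMessage(*client_init);
+CHECK(parse_result.success) << server->GetLastError();
+
+std::unique_ptr<std::string> server_init = server->GetNextHandshakeMessage();
+CHECK(server_init) << server->GetLastError();
+
+client->ParseHandshakeMessage(*server_init);
+CHECK(parse_result.success) << client->GetLastError();
+
+std::unique_ptr<std::string> client_finish =
+client->GetNextHandshakeMessage();
+CHECK(client_finish) << client->GetLastError();
+
+parse_result = server->ParseHandshakeMessage(*client_finish);
+CHECK(parse_result.success) << server->GetLastError();
+}
+
+} // namespace
+
+std::unique_ptr<D2DConnectionContextV1> CreateServerContext() {
+std::unique_ptr<UKey2Handshake> server =
+UKey2Handshake::ForResponder(kCipher);
+CHECK(server);
+
+std::unique_ptr<UKey2Handshake> client =
+UKey2Handshake::ForInitiator(kCipher);
+CHECK(client);
+
+PerformHandshake(server.get(), client.get());
+
+std::unique_ptr<std::string> verification_string =
+server->GetVerificationString(kMaxUkey2VerificationStringLength);
+CHECK(verification_string) << server->GetLastError();
+
+bool verify_result = server->VerifyHandshake();
+CHECK(verify_result) << server->GetLastError();
+
+return server->ToConnectionContext();
+}
+
+std::unique_ptr<D2DConnectionContextV1> CreateClientContext() {
+auto server = UKey2Handshake::ForResponder(kCipher);
+CHECK(server);
+
+auto client = UKey2Handshake::ForInitiator(kCipher);
+CHECK(client);
+
+PerformHandshake(server.get(), client.get());
+
+std::unique_ptr<std::string> verification_string =
+client->GetVerificationString(kMaxUkey2VerificationStringLength);
+CHECK(verification_string) << client->GetLastError();
+
+bool verify_result = client->VerifyHandshake();
+CHECK(verify_result) << client->GetLastError();
+
+return client->ToConnectionContext();
+}
+
+} // namespace securegcm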
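Review bot: In `PerformHandshake` the result of `client->ParseHandshakeMessage(*server_init)` is discarded, and the `CHECK(parse_result.success)` that follows re-tests the value left over from the server's earlier parse of the client init. A client-side failure to parse the server init would therefore pass this check and only surface at a later step, if at all. Assign the result before checking it: `parse_result = client->ParseHandshakeMessage(*server_init);`. Separately, `CreateServerContext` and `CreateClientContext` differ only in which side is verified and converted, so a shared helper would remove the duplication.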
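--- a/third_party/ukey2/fuzzers/d2d_connection_context_factory.h
+++ b/third_party/ukey2/fuzzers/d2d_connection_context_factory.h
@@ -0,0 +1,20 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef THIRD_PARTY_UKEY2_D2D_CONNECTION_CONTEXT_FACTORY_H_
+#define THIRD_PARTY_UKEY2_D2D_CONNECTION_CONTEXT_FACTORY_H_
+
+#include <memory>
+
+#include "third_party/ukey2/src/src/main/cpp/include/securegcm/d2d_connection_context_v1.h"
+
+namespace securegcm {
+
+std::unique_ptr<securegcm::D2DConnectionContextV1> CreateServerContext();
+
+std::unique_ptr<securegcm::D2DConnectionContextV1> CreateClientContext();
+
+} // namespace securegcm
+
+#endif // THIRD_PARTY_UKEY2_D2D_CONNECTION_CONTEXT_FACTORY_H_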
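Review bot: The include guard `THIRD_PARTY_UKEY2_D2D_CONNECTION_CONTEXT_FACTORY_H_` omits the `fuzzers/` directory the header lives in; `THIRD_PARTY_UKEY2_FUZZERS_D2D_CONNECTION_CONTEXT_FACTORY_H_` would match the path. The two declarations also carry no comments. A line such as `// Runs a full in-process UKEY2 handshake and returns the responder's connection context; CHECK-fails on any handshake error.` above `CreateServerContext`, with the initiator equivalent above `CreateClientContext`, would tell callers these are fuzzing helpers that abort on failure. The `securegcm::` qualifier on the return types is redundant inside `namespace securegcm`.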
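--- a/third_party/ukey2/fuzzers/d2d_connection_context_server_fuzzer.cc
+++ b/third_party/ukey2/fuzzers/d2d_connection_context_server_fuzzer.cc
@@ -0,0 +1,43 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <iostream>
+#include <memory>
+#include <string>
+
+#include "base/check.h"
+#include "base/logging.h"
+#include "base/no_destructor.h"
+#include "third_party/protobuf/src/google/protobuf/stubs/logging.h"
+#include "third_party/ukey2/fuzzers/d2d_connection_context_factory.h"
+
+// Disable noisy logging in protobuf.
+google::protobuf::LogSilencer log_silencer;
+
+struct Environment {
+Environment() {
+// Disable noisy logging as per "libFuzzer in Chrome" documentation:
+// testing/libfuzzer/getting_started.md#Disable-noisy-error-message-logging.
+logging::SetMinLogLevel(logging::LOG_FATAL);
+// Disable noisy logging in securemessage.
+std::cerr.setstate(std::ios_base::failbit);
+
+// Create instance once to be reused between fuzzing rounds.
+server_context = securegcm::CreateServerContext();
+CHECK(server_context);
+}
+
+std::unique_ptr<securegcm::D2DConnectionContextV1> server_context;
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+static base::NoDestructor<Environment> environment;
+
+std::string buffer(data, data + size);
+environment->server_context->DecodeMessageFromPeer(buffer);
+
+return 0;
+}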
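--- a/third_party/ukey2/fuzzers/ukey2_handshake_client_finish_fuzzer.cc
+++ b/third_party/ukey2/fuzzers/ukey2_handshake_client_finish_fuzzer.cc
@@ -0,0 +1,58 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "third_party/ukey2/src/src/main/cpp/include/securegcm/ukey2_handshake.h"
+
+#include <stddef.h>
+#include <stdint.h>
+#include <memory>
+#include <string>
+
+#include "base/check.h"
+#include "base/logging.h"
+#include "base/no_destructor.h"
+
+const securegcm::UKey2Handshake::HandshakeCipher kCipher =
+securegcm::UKey2Handshake::HandshakeCipher::P256_SHA512;
+
+struct Environment {
+Environment() {
+// Disable noisy logging as per "libFuzzer in Chrome" documentation:
+// testing/libfuzzer/getting_started.md#Disable-noisy-error-message-logging.
+logging::SetMinLogLevel(logging::LOG_FATAL);
+
+// Create instance once to be reused between fuzzing rounds.
+server = securegcm::UKey2Handshake::ForResponder(kCipher);
+CHECK(server);
+
+// Advance server to parse client init, generate serer init, then wait for
+// client finish.
+std::unique_ptr<securegcm::UKey2Handshake> client =
+securegcm::UKey2Handshake::ForInitiator(kCipher);
+CHECK(client);
+
+std::unique_ptr<std::string> client_init =
+client->GetNextHandshakeMessage();
+CHECK(client_init) << client->GetLastError();
+
+securegcm::UKey2Handshake::ParseResult parse_result =
+server->ParseHandshakeMessage(*client_init);
+CHECK(parse_result.success) << server->GetLastError();
+
+std::unique_ptr<std::string> server_init =
+server->GetNextHandshakeMessage();
+CHECK(server_init) << server->GetLastError();
+}
+
+std::unique_ptr<securegcm::UKey2Handshake> server;
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+static base::NoDestructor<Environment> environment;
+
+std::string buffer(data, data + size);
+environment->server->ParseHandshakeMessage(buffer);
+
+return 0;
+}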
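Review bot: The single `server` handshake built in `Environment` is shared by every call to `LLVMFuzzerTestOneInput`, so whatever `ParseHandshakeMessage` does to the handshake state on one input carries over to the next. If the responder leaves the waiting-for-client-finish state after an accepted or rejected message (not visible here), later inputs would only reach the wrong-state path, and a crash would not reproduce from a single test case. Consider rebuilding the responder up to the server-init step on each iteration, or add a comment explaining why reuse is safe. `ukey2_handshake_client_init_fuzzer.cc` has the same pattern, and there the per-iteration form is one line, `auto server = securegcm::UKey2Handshake::ForResponder(kCipher);`. The comment in `Environment` also has a typo: `serer init` should read `server init`.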
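--- a/third_party/ukey2/fuzzers/ukey2_handshake_client_init_fuzzer.cc
+++ b/third_party/ukey2/fuzzers/ukey2_handshake_client_init_fuzzer.cc
@@ -0,0 +1,40 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "third_party/ukey2/src/src/main/cpp/include/securegcm/ukey2_handshake.h"
+
+#include <stddef.h>
+#include <stdint.h>
+#include <memory>
+#include <string>
+
+#include "base/check.h"
+#include "base/logging.h"
+#include "base/no_destructor.h"
+
+const securegcm::UKey2Handshake::HandshakeCipher kCipher =
+securegcm::UKey2Handshake::HandshakeCipher::P256_SHA512;
+
+struct Environment {
+Environment() {
+// Disable noisy logging as per "libFuzzer in Chrome" documentation:
+// testing/libfuzzer/getting_started.md#Disable-noisy-error-message-logging.
+logging::SetMinLogLevel(logging::LOG_FATAL);
+
+// Create instance once to be reused between fuzzing rounds.
+server = securegcm::UKey2Handshake::ForResponder(kCipher);
+CHECK(server);
+}
+
+std::unique_ptr<securegcm::UKey2Handshake> server;
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+static base::NoDestructor<Environment> environment;
+
+std::string buffer(data, data + size);
+environment->server->ParseHandshakeMessage(buffer);
+
+return 0;
+}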