From c287ad6c24b01614f074351e83777b11d15f7f2b Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Fri, 16 Feb 2024 22:56:33 +0000 Subject: [PATCH] Implement native Go fuzzing (#1345) Signed-off-by: Adam Korczynski --- ctutil/fuzz_test.go | 44 ++++++++++++++++++++ x509/fuzz_test.go | 97 +++++++++++++++++++++++++++++++++++++++++++++ x509util/fuzz.go | 26 ------------ 3 files changed, 141 insertions(+), 26 deletions(-) create mode 100644 ctutil/fuzz_test.go create mode 100644 x509/fuzz_test.go delete mode 100644 x509util/fuzz.go diff --git a/ctutil/fuzz_test.go b/ctutil/fuzz_test.go new file mode 100644 index 0000000000..dc303021dd --- /dev/null +++ b/ctutil/fuzz_test.go @@ -0,0 +1,44 @@ +// Copyright 2024 Google LLC. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ctutil + +import ( + "github.com/google/certificate-transparency-go/x509" + "github.com/google/certificate-transparency-go/x509util" + "testing" +) + +func FuzzVerifySCTTest(f *testing.F) { + f.Fuzz(func(t *testing.T, publicKey, certData []byte) { + cert, err := x509.ParseCertificate(certData) + if err != nil { + t.Skip() + } + scts, err := x509util.ParseSCTsFromCertificate(cert.Raw) + if err != nil { + t.Skip() + } + chain, err := x509.ParseCertificates(cert.Raw) + if err != nil { + t.Skip() + } + pub, err := x509.ParsePKIXPublicKey(publicKey) + if err != nil { + t.Skip() + } + _ = VerifySCT(pub, chain, scts[0], true) + + }) +} diff --git a/x509/fuzz_test.go b/x509/fuzz_test.go new file mode 100644 index 0000000000..bd303eb2c1 --- /dev/null +++ b/x509/fuzz_test.go @@ -0,0 +1,97 @@ +// Copyright 2024 Google LLC. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package x509 + +import ( + "testing" +) + +func FuzzParseECPrivateKeyTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseECPrivateKey(data) + }) +} + +func FuzzParsePKIXPublicKeyTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParsePKIXPublicKey(data) + }) +} + +func FuzzParseTBSCertificateTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseTBSCertificate(data) + }) +} + +func FuzzParseCertificateTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseCertificate(data) + }) +} + +func FuzzParseCertificatesTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseCertificates(data) + }) +} + +func FuzzParseCRLTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseCRL(data) + }) +} + +func FuzzParseDERCRLTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseDERCRL(data) + }) +} + +func FuzzParseCertificateRequestTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseCertificateRequest(data) + }) +} + +func FuzzParsePKCS8PrivateKeyest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParsePKCS8PrivateKey(data) + }) +} + +func FuzzParsePKCS1PrivateKeyTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParsePKCS1PrivateKey(data) + }) +} + +func FuzzParsePKCS1PublicKeyTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParsePKCS1PublicKey(data) + }) +} + +func FuzzParseCertificateListTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseCertificateList(data) + }) +} + +func FuzzParseCertificateListDERTest(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _ = ParseCertificateListDER(data) + }) +} diff --git a/x509util/fuzz.go b/x509util/fuzz.go deleted file mode 100644 index ccda196e2e..0000000000 --- a/x509util/fuzz.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2017 Google LLC. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package x509util - -import "github.com/google/certificate-transparency-go/x509" - -// Fuzz is a go-fuzz (https://github.com/dvyukov/go-fuzz) entrypoint -// for fuzzing the parsing of X509 certificates. -func Fuzz(data []byte) int { - if _, err := x509.ParseCertificate(data); err == nil { - return 1 - } - return 0 -}