pki: add fuzzer

Signed-off-by: AdamKorcz <adam@adalogics.com>
sigstore · Dec 27, 2022 · 345e656 · 345e656
1 parent 042ae08
commit 345e656
Show file tree

Hide file tree

Showing 2 changed files with 130 additions and 0 deletions.
diff --git a/pkg/pki/fuzz_test.go b/pkg/pki/fuzz_test.go
@@ -0,0 +1,129 @@
+//
+// Copyright 2022 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package pki
+
+import (
+	"bytes"
+	"io"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+
+	"github.com/sigstore/rekor/pkg/pki/minisign"
+	"github.com/sigstore/rekor/pkg/pki/pgp"
+	"github.com/sigstore/rekor/pkg/pki/pkcs7"
+	"github.com/sigstore/rekor/pkg/pki/ssh"
+	"github.com/sigstore/rekor/pkg/pki/tuf"
+	"github.com/sigstore/rekor/pkg/pki/x509"
+)
+
+var (
+	cmpOpts = []cmp.Option{cmp.AllowUnexported(minisign.PublicKey{},
+		pgp.PublicKey{},
+		ssh.PublicKey{},
+		x509.PublicKey{},
+		pkcs7.PublicKey{},
+		tuf.PublicKey{},
+	)}
+
+	fuzzArtifactFactoryMap = map[uint]pkiImpl{
+		0: {
+			newPubKey: func(r io.Reader) (PublicKey, error) {
+				return pgp.NewPublicKey(r)
+			},
+			newSignature: func(r io.Reader) (Signature, error) {
+				return pgp.NewSignature(r)
+			},
+		},
+		1: {
+			newPubKey: func(r io.Reader) (PublicKey, error) {
+				return minisign.NewPublicKey(r)
+			},
+			newSignature: func(r io.Reader) (Signature, error) {
+				return minisign.NewSignature(r)
+			},
+		},
+		2: {
+			newPubKey: func(r io.Reader) (PublicKey, error) {
+				return ssh.NewPublicKey(r)
+			},
+			newSignature: func(r io.Reader) (Signature, error) {
+				return ssh.NewSignature(r)
+			},
+		},
+		3: {
+			newPubKey: func(r io.Reader) (PublicKey, error) {
+				return x509.NewPublicKey(r)
+			},
+			newSignature: func(r io.Reader) (Signature, error) {
+				return x509.NewSignature(r)
+			},
+		},
+		4: {
+			newPubKey: func(r io.Reader) (PublicKey, error) {
+				return pkcs7.NewPublicKey(r)
+			},
+			newSignature: func(r io.Reader) (Signature, error) {
+				return pkcs7.NewSignature(r)
+			},
+		},
+		5: {
+			newPubKey: func(r io.Reader) (PublicKey, error) {
+				return tuf.NewPublicKey(r)
+			},
+			newSignature: func(r io.Reader) (Signature, error) {
+				return tuf.NewSignature(r)
+			},
+		},
+	}
+)
+
+func FuzzKeys(f *testing.F) {
+	f.Fuzz(func(t *testing.T, keyType uint, origSignatureData, verSignatureData, keyData []byte) {
+
+		// test public key
+		pub1, err := fuzzArtifactFactoryMap[keyType%6].newPubKey(bytes.NewReader(keyData))
+		if err == nil && pub1 != nil {
+			b, err := pub1.CanonicalValue()
+			if err == nil {
+				pub2, err := fuzzArtifactFactoryMap[keyType%6].newPubKey(bytes.NewReader(b))
+				if err != nil {
+					t.Fatal("Could not create a key from valid key data")
+				}
+				if !cmp.Equal(pub1, pub2, cmpOpts...) {
+					t.Fatal("The two public keys should be equal but are not")
+				}
+			}
+		}
+
+		// test signature
+		s, err := fuzzArtifactFactoryMap[keyType%6].newSignature(bytes.NewReader(origSignatureData))
+		if err == nil && s != nil {
+			b, err := s.CanonicalValue()
+			if err == nil {
+				_, err = fuzzArtifactFactoryMap[keyType%6].newSignature(bytes.NewReader(b))
+				if err != nil {
+					t.Fatal("Could not create a signature from valid key data")
+				}
+			}
+			pub, err := fuzzArtifactFactoryMap[keyType%6].newPubKey(bytes.NewReader(keyData))
+			if err != nil {
+				t.Skip()
+			}
+			s.Verify(bytes.NewReader(verSignatureData), pub)
+		}
+	})
+}
diff --git a/tests/oss_fuzz.sh b/tests/oss_fuzz.sh
@@ -16,6 +16,7 @@
 
 go get github.com/AdamKorcz/go-118-fuzz-build/testing
 
+compile_native_go_fuzzer github.com/sigstore/rekor/pkg/pki FuzzKeys FuzzKeys
 compile_native_go_fuzzer github.com/sigstore/rekor/pkg/sharding FuzzCreateEntryIDFromParts FuzzCreateEntryIDFromParts
 compile_native_go_fuzzer github.com/sigstore/rekor/pkg/sharding FuzzGetUUIDFromIDString FuzzGetUUIDFromIDString
 compile_native_go_fuzzer github.com/sigstore/rekor/pkg/sharding FuzzGetTreeIDFromIDString FuzzGetTreeIDFromIDString