[libfko/test suite] add the FUZZING_INTERFACES macro

Add a new fko_set_encoded_data() function gated by #define FUZZING_INTERFACES to allow encryption and authentication to be bypassed for fuzzing purposes (and only fuzzing purposes). The fko-wrapper code has been extended to process data in the test/fko-wrapper/fuzz_spa_payloads file, which is created by the new python fuzzer. Typical workflow is: $ cd test/fko-wrapper $ ../spa_fuzzer.py > fuzz_spa_payloads $ make fuzzing (as root): ./test-fwknop.pl --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper [+] Starting the fwknop test suite... args: --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper Saved results from previous run to: output.last/ Valgrind mode enabled, will import previous coverage from: output.last/valgrind-coverage/ [+] Total test buckets to execute: 2 [Rijndael] [fko-wrapper] multiple libfko calls (with valgrind)......pass (1) [Rijndael] [fko-wrapper] multiple libfko calls......................pass (2) [profile coverage] gcov profile coverage............................pass (3) [valgrind output] [flagged functions] ..............................pass (4) Run time: 5.85 minutes [+] 0/0/0 OpenSSL tests passed/failed/executed [+] 0/0/0 OpenSSL HMAC tests passed/failed/executed [+] 4/0/4 test buckets passed/failed/executed
2014-04-26 23:04:44 -04:00 · 2014-04-26 23:04:44 -04:00 · 9901d8a76a
commit 9901d8a76a
parent e1dde1733a
6 changed files with 112 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@ -135,6 +135,20 @@ if test "x$want_profile_coverage" = "xyes"; then
    FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY([-lgcov])
 fi

+dnl Decide whether or not to compile in certain features that enable fuzzing
+dnl of fwknop code - this is for testing purposes only.
+dnl
+want_fuzzing_interfaces=no
+AC_ARG_ENABLE([fuzzing-interfaces],
+  [AS_HELP_STRING([--enable-fuzzing-interfaces],
+    [Build fwknop binaries with support for fuzzing interfaces @<:@default is to disable@:>@])],
+  [want_fuzzing_interfaces=$enableval],
+  [])
+
+if test "x$want_fuzzing_interfaces" = "xyes"; then
+    AC_DEFINE([FUZZING_INTERFACES], [1], [Define for fuzzing interfaces support])
+fi
+
 dnl Decide whether or not to enable all warnings with -Wall
 dnl
 use_wall=yes
--- a/lib/fko.h
+++ b/lib/fko.h
@ -381,8 +381,10 @@ DLL_API int fko_set_spa_hmac(fko_ctx_t ctx, const char * const hmac_key,
 DLL_API int fko_get_spa_hmac(fko_ctx_t ctx, char **enc_data);

 DLL_API int fko_get_encoded_data(fko_ctx_t ctx, char **enc_data);
+#if FUZZING_INTERFACES
 DLL_API int fko_set_encoded_data(fko_ctx_t ctx, const char * const encoded_msg,
        const int msg_len, const int do_digest, const int digest_type);
+#endif

 /* Get context data functions
 */
--- a/lib/fko_encode.c
+++ b/lib/fko_encode.c
@ -244,6 +244,7 @@ fko_get_encoded_data(fko_ctx_t ctx, char **enc_msg)
 /* Set the fko SPA encoded data (this is a convenience
 * function mostly used for tests that involve fuzzing).
 */
+#if FUZZING_INTERFACES
 int
 fko_set_encoded_data(fko_ctx_t ctx,
        const char * const encoded_msg, const int msg_len,
@ -274,7 +275,7 @@ fko_set_encoded_data(fko_ctx_t ctx,

    if(require_digest)
    {
-        fko_set_spa_digest_type(ctx, FKO_DIGEST_SHA256);
+        fko_set_spa_digest_type(ctx, digest_type);
        if((res = fko_set_spa_digest(ctx)) != FKO_SUCCESS)
        {
            return res;
@ -310,5 +311,6 @@ fko_set_encoded_data(fko_ctx_t ctx,

    return(FKO_SUCCESS);
 }
+#endif

 /***EOF***/
--- a/test/conf/client-gpg-no-pw/trustdb.gpg
+++ b/test/conf/client-gpg-no-pw/trustdb.gpg
--- a/test/fko-wrapper/Makefile
+++ b/test/fko-wrapper/Makefile
@ -2,5 +2,8 @@
 all : fko_wrapper.c
 	gcc -Wall -g -I../../lib fko_wrapper.c -o fko_wrapper -L../../lib/.libs -lfko

+fuzzing: fko_wrapper.c
+	gcc -Wall -g -DFUZZING_INTERFACES -I../../lib fko_wrapper.c -o fko_wrapper -L../../lib/.libs -lfko
+
 clean:
 	rm -f fko_wrapper
--- a/test/fko-wrapper/fko_wrapper.c
+++ b/test/fko-wrapper/fko_wrapper.c
@ -9,6 +9,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
+#include <string.h>
 #include "fko.h"

 #define ENABLE_GPG_TESTS 0
@ -23,12 +24,20 @@
 #define NO_DIGEST        0
 #define DO_DIGEST        1
 #define RAW_DIGEST       2
+#define MAX_LINE_LEN     3000 /* really long for fuzzing tests */
 #define ENC_KEY          "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" /* 32 bytes */
 #define HMAC_KEY         "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" /* 32 bytes */

+#define IS_EMPTY_LINE(x) ( \
+    x == '#' || x == '\n' || x == '\r' || x == ';' || x == '\0' \
+)
+
 static void display_ctx(fko_ctx_t ctx);
 static void test_loop(int new_ctx_flag, int destroy_ctx_flag);
 static void test_loop_compounded(void);
+#if FUZZING_INTERFACES
+static void spa_encoded_msg_fuzzing(void);
+#endif
 static void ctx_update(fko_ctx_t *ctx, int new_ctx_flag,
        int destroy_ctx_flag, int print_flag);
 static void spa_default_ctx(fko_ctx_t *ctx);
@ -67,9 +76,90 @@ int main(void) {
    printf("[+] Total libfko function calls (after compounded tests): %d\n\n",
            spa_calls);

+#if FUZZING_INTERFACES
+    printf("[+] libfko fuzzing by setting SPA buffer manually...\n");
+    spa_encoded_msg_fuzzing();
+#endif
+
    return 0;
 }

+#if FUZZING_INTERFACES
+static void
+spa_encoded_msg_fuzzing(void)
+{
+    fko_ctx_t      decode_ctx = NULL;
+    int            res = 0, pkt_id, require_success, require_digest, digest_type, msg_len;
+    int            line_ctr = 0, spa_payload_ctr = 0;
+    FILE          *fz  = NULL;
+    char           line[MAX_LINE_LEN] = {0};
+    char           b64_encoded_msg[MAX_LINE_LEN] = {0};
+    unsigned char  b64_decoded_msg[MAX_LINE_LEN] = {0};
+
+    /* fuzzing file contents (or from stdin) are formatted like this:
+     *
+     * <pkt_ID> <status: success|fail> <digest: yes|no> <digest type> <base64_SPA_payload>
+    */
+
+    if ((fz = fopen("fuzz_spa_payloads", "r")) == NULL)
+        return;
+
+    while ((fgets(line, MAX_LINE_LEN, fz)) != NULL)
+    {
+        line_ctr++;
+        line[MAX_LINE_LEN-1] = '\0';
+
+        if (line[strlen(line)-1] == '\n')
+            line[strlen(line)-1] = '\0';
+
+        if(IS_EMPTY_LINE(line[0]))
+            continue;
+
+        if(sscanf(line, "%d %d %d %d %s", &pkt_id, &require_success,
+                    &require_digest, &digest_type, b64_encoded_msg) != 5)
+        {
+            printf("[+] fuzzing parsing error at line: %d\n", line_ctr);
+            continue;
+        }
+
+        msg_len = fko_base64_decode(b64_encoded_msg, b64_decoded_msg);
+
+        spa_payload_ctr++;
+
+        fko_new(&decode_ctx);
+
+        if ((res = fko_set_encoded_data(decode_ctx, (char *) b64_decoded_msg,
+                        msg_len, require_digest, digest_type)) != FKO_SUCCESS) {
+            printf("[-] pkt_id: %d, fko_set_encoded_data(): %s\n", pkt_id, fko_errstr(res));
+        }
+
+        res = fko_decode_spa_data(decode_ctx);
+        if (require_success) {
+            if (res != FKO_SUCCESS) {
+                printf("[-] pkt_id: %d, expected decode success but: fko_decode_spa_data(): %s\n",
+                        pkt_id, fko_errstr(res));
+            }
+        } else {
+            if (res == FKO_SUCCESS) {
+                printf("[-] pkt_id: %d, expected decode failure but: fko_decode_spa_data(): %s\n",
+                        pkt_id, fko_errstr(res));
+            }
+        }
+
+        fko_destroy(decode_ctx);
+
+        memset(line, 0x0, MAX_LINE_LEN);
+        memset(b64_encoded_msg, 0x0, MAX_LINE_LEN);
+    }
+
+    fclose(fz);
+
+    printf("[+] Sent %d SPA payloads through libfko encode/decode cycle...\n",
+            spa_payload_ctr);
+    return;
+}
+#endif
+
 static void
 test_loop_compounded(void)
 {