/src/botan/src/fuzzer/pkcs1.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * (C) 2015,2016 Jack Lloyd |
3 | | * |
4 | | * Botan is released under the Simplified BSD License (see license.txt) |
5 | | */ |
6 | | #include "fuzzers.h" |
7 | | |
8 | | #include <botan/eme_pkcs.h> |
9 | | #include <botan/hex.h> |
10 | | |
11 | | namespace { |
12 | | |
13 | | std::vector<uint8_t> simple_pkcs1_unpad(const uint8_t in[], size_t len) |
14 | 190 | { |
15 | 190 | if(len < 10) |
16 | 10 | throw Botan::Decoding_Error("bad len"); |
17 | 180 | |
18 | 180 | if(in[0] != 0 || in[1] != 2) |
19 | 87 | throw Botan::Decoding_Error("bad header field"); |
20 | 93 | |
21 | 45.7k | for(size_t i = 2; i < len; ++i) |
22 | 45.7k | { |
23 | 45.7k | if(in[i] == 0) |
24 | 84 | { |
25 | 84 | if(i < 10) // at least 8 padding bytes required |
26 | 12 | throw Botan::Decoding_Error("insufficient padding bytes"); |
27 | 72 | return std::vector<uint8_t>(in + i + 1, in + len); |
28 | 72 | } |
29 | 45.7k | } |
30 | 93 | |
31 | 93 | throw Botan::Decoding_Error("delim not found"); |
32 | 93 | } |
33 | | |
34 | | } |
35 | | |
36 | | void fuzz(const uint8_t in[], size_t len) |
37 | 190 | { |
38 | 190 | static Botan::EME_PKCS1v15 pkcs1; |
39 | 190 | |
40 | 190 | Botan::secure_vector<uint8_t> lib_result; |
41 | 190 | std::vector<uint8_t> ref_result; |
42 | 190 | bool lib_rejected = false, ref_rejected = false; |
43 | 190 | |
44 | 190 | try |
45 | 190 | { |
46 | 190 | uint8_t valid_mask = 0; |
47 | 190 | Botan::secure_vector<uint8_t> decoded = (static_cast<Botan::EME*>(&pkcs1))->unpad(valid_mask, in, len); |
48 | 190 | |
49 | 190 | if(valid_mask == 0) |
50 | 118 | lib_rejected = true; |
51 | 72 | else if(valid_mask == 0xFF) |
52 | 72 | lib_rejected = false; |
53 | 72 | else |
54 | 72 | FUZZER_WRITE_AND_CRASH("Invalid valid_mask from unpad"); |
55 | 190 | } |
56 | 190 | catch(Botan::Decoding_Error&) { lib_rejected = true; } |
57 | 190 | |
58 | 190 | try |
59 | 190 | { |
60 | 190 | ref_result = simple_pkcs1_unpad(in, len); |
61 | 190 | } |
62 | 190 | catch(Botan::Decoding_Error& e) { ref_rejected = true; } |
63 | 190 | |
64 | 190 | if(lib_rejected == true && ref_rejected == false) |
65 | 0 | { |
66 | 0 | FUZZER_WRITE_AND_CRASH("Library rejected input accepted by ref " |
67 | 0 | << Botan::hex_encode(ref_result)); |
68 | 0 | } |
69 | 190 | else if(ref_rejected == true && lib_rejected == false) |
70 | 0 | { |
71 | 0 | FUZZER_WRITE_AND_CRASH("Library accepted input rejected by ref " |
72 | 0 | << Botan::hex_encode(lib_result)); |
73 | 0 | } |
74 | 190 | // otherwise the two implementations agree |
75 | 190 | } |