/src/botan/src/fuzzer/pkcs1.cpp

Source (jump to first uncovered line)
/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include "fuzzers.h"

#include <botan/eme_pkcs.h>
#include <botan/hex.h>

namespace {

std::vector<uint8_t> simple_pkcs1_unpad(const uint8_t in[], size_t len)
   {
   if(len < 10)
      throw Botan::Decoding_Error("bad len");

   if(in[0] != 0 || in[1] != 2)
      throw Botan::Decoding_Error("bad header field");

   for(size_t i = 2; i < len; ++i)
      {
      if(in[i] == 0)
         {
         if(i < 10) // at least 8 padding bytes required
            throw Botan::Decoding_Error("insufficient padding bytes");
         return std::vector<uint8_t>(in + i + 1, in + len);
         }
      }

   throw Botan::Decoding_Error("delim not found");
   }

}

void fuzz(const uint8_t in[], size_t len)
   {
   static Botan::EME_PKCS1v15 pkcs1;

   Botan::secure_vector<uint8_t> lib_result;
   std::vector<uint8_t> ref_result;
   bool lib_rejected = false, ref_rejected = false;

   try
      {
      uint8_t valid_mask = 0;
      Botan::secure_vector<uint8_t> decoded = (static_cast<Botan::EME*>(&pkcs1))->unpad(valid_mask, in, len);

      if(valid_mask == 0)
         lib_rejected = true;
      else if(valid_mask == 0xFF)
         lib_rejected = false;
      else
         FUZZER_WRITE_AND_CRASH("Invalid valid_mask from unpad");
      }
   catch(Botan::Decoding_Error&) { lib_rejected = true; }

   try
      {
      ref_result = simple_pkcs1_unpad(in, len);
      }
   catch(Botan::Decoding_Error& e) { ref_rejected = true; }

   if(lib_rejected == true && ref_rejected == false)
      {
      FUZZER_WRITE_AND_CRASH("Library rejected input accepted by ref "
                             << Botan::hex_encode(ref_result));
      }
   else if(ref_rejected == true && lib_rejected == false)
      {
      FUZZER_WRITE_AND_CRASH("Library accepted input rejected by ref "
                             << Botan::hex_encode(lib_result));
      }
   // otherwise the two implementations agree
   }

Line	Count	Source (jump to first uncovered line)
1		/*
2		* (C) 2015,2016 Jack Lloyd
3		*
4		* Botan is released under the Simplified BSD License (see license.txt)
5		*/
6		#include "fuzzers.h"
7
8		#include <botan/eme_pkcs.h>
9		#include <botan/hex.h>
10
11		namespace {
12
13		std::vector<uint8_t> simple_pkcs1_unpad(const uint8_t in[], size_t len)
14	190	{
15	190	if(len < 10)
16	10	throw Botan::Decoding_Error("bad len");
17	180
18	180	if(in[0] != 0 \|\| in[1] != 2)
19	87	throw Botan::Decoding_Error("bad header field");
20	93
21	45.7k	for(size_t i = 2; i < len; ++i)
22	45.7k	{
23	45.7k	if(in[i] == 0)
24	84	{
25	84	if(i < 10) // at least 8 padding bytes required
26	12	throw Botan::Decoding_Error("insufficient padding bytes");
27	72	return std::vector<uint8_t>(in + i + 1, in + len);
28	72	}
29	45.7k	}
30	93
31	93	throw Botan::Decoding_Error("delim not found");
32	93	}
33
34		}
35
36		void fuzz(const uint8_t in[], size_t len)
37	190	{
38	190	static Botan::EME_PKCS1v15 pkcs1;
39	190
40	190	Botan::secure_vector<uint8_t> lib_result;
41	190	std::vector<uint8_t> ref_result;
42	190	bool lib_rejected = false, ref_rejected = false;
43	190
44	190	try
45	190	{
46	190	uint8_t valid_mask = 0;
47	190	Botan::secure_vector<uint8_t> decoded = (static_cast<Botan::EME*>(&pkcs1))->unpad(valid_mask, in, len);
48	190
49	190	if(valid_mask == 0)
50	118	lib_rejected = true;
51	72	else if(valid_mask == 0xFF)
52	72	lib_rejected = false;
53	72	else
54	72	FUZZER_WRITE_AND_CRASH("Invalid valid_mask from unpad");
55	190	}
56	190	catch(Botan::Decoding_Error&) { lib_rejected = true; }
57	190
58	190	try
59	190	{
60	190	ref_result = simple_pkcs1_unpad(in, len);
61	190	}
62	190	catch(Botan::Decoding_Error& e) { ref_rejected = true; }
63	190
64	190	if(lib_rejected == true && ref_rejected == false)
65	0	{
66	0	FUZZER_WRITE_AND_CRASH("Library rejected input accepted by ref "
67	0	<< Botan::hex_encode(ref_result));
68	0	}
69	190	else if(ref_rejected == true && lib_rejected == false)
70	0	{
71	0	FUZZER_WRITE_AND_CRASH("Library accepted input rejected by ref "
72	0	<< Botan::hex_encode(lib_result));
73	0	}
74	190	// otherwise the two implementations agree
75	190	}

Coverage Report

Created: 2020-05-23 13:54