/src/botan/src/fuzzer/pkcs1.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * (C) 2015,2016 Jack Lloyd |
3 | | * |
4 | | * Botan is released under the Simplified BSD License (see license.txt) |
5 | | */ |
6 | | #include "fuzzers.h" |
7 | | |
8 | | #include <botan/internal/eme_pkcs.h> |
9 | | #include <botan/hex.h> |
10 | | |
11 | | namespace { |
12 | | |
13 | | std::vector<uint8_t> simple_pkcs1_unpad(const uint8_t in[], size_t len) |
14 | 188 | { |
15 | 188 | if(len < 10) |
16 | 10 | throw Botan::Decoding_Error("bad len"); |
17 | | |
18 | 178 | if(in[0] != 0 || in[1] != 2) |
19 | 51 | throw Botan::Decoding_Error("bad header field"); |
20 | | |
21 | 61.6k | for(size_t i = 2; i < len; ++i) |
22 | 61.6k | { |
23 | 61.6k | if(in[i] == 0) |
24 | 115 | { |
25 | 115 | if(i < 10) // at least 8 padding bytes required |
26 | 25 | throw Botan::Decoding_Error("insufficient padding bytes"); |
27 | 90 | return std::vector<uint8_t>(in + i + 1, in + len); |
28 | 115 | } |
29 | 61.6k | } |
30 | | |
31 | 12 | throw Botan::Decoding_Error("delim not found"); |
32 | 127 | } |
33 | | |
34 | | } |
35 | | |
36 | | void fuzz(const uint8_t in[], size_t len) |
37 | 188 | { |
38 | 188 | static Botan::EME_PKCS1v15 pkcs1; |
39 | | |
40 | 188 | Botan::secure_vector<uint8_t> lib_result; |
41 | 188 | std::vector<uint8_t> ref_result; |
42 | 188 | bool lib_rejected = false, ref_rejected = false; |
43 | | |
44 | 188 | try |
45 | 188 | { |
46 | 188 | uint8_t valid_mask = 0; |
47 | 188 | Botan::secure_vector<uint8_t> decoded = (static_cast<Botan::EME*>(&pkcs1))->unpad(valid_mask, in, len); |
48 | | |
49 | 188 | if(valid_mask == 0) |
50 | 98 | lib_rejected = true; |
51 | 90 | else if(valid_mask == 0xFF) |
52 | 90 | lib_rejected = false; |
53 | 0 | else |
54 | 0 | FUZZER_WRITE_AND_CRASH("Invalid valid_mask from unpad"); |
55 | 188 | } |
56 | 188 | catch(Botan::Decoding_Error&) { lib_rejected = true; } |
57 | | |
58 | 188 | try |
59 | 188 | { |
60 | 188 | ref_result = simple_pkcs1_unpad(in, len); |
61 | 188 | } |
62 | 188 | catch(Botan::Decoding_Error& e) { ref_rejected = true; } |
63 | | |
64 | 188 | if(lib_rejected == true && ref_rejected == false) |
65 | 0 | { |
66 | 0 | FUZZER_WRITE_AND_CRASH("Library rejected input accepted by ref " |
67 | 0 | << Botan::hex_encode(ref_result)); |
68 | 0 | } |
69 | 188 | else if(ref_rejected == true && lib_rejected == false) |
70 | 0 | { |
71 | 0 | FUZZER_WRITE_AND_CRASH("Library accepted input rejected by ref " |
72 | 0 | << Botan::hex_encode(lib_result)); |
73 | 0 | } |
74 | | // otherwise the two implementations agree |
75 | 188 | } |