/src/node/test/fuzzers/fuzz_sign_verify.cc
// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <cstddef>
#include <cstdint>
#include <string>
#include <string_view>
#include "fuzzer/FuzzedDataProvider.h"
#include "fuzz_common.h"
#include "fuzz_js_format.h"
// libFuzzer entry point: treats the whole input as an opaque message, embeds
// it as a single-quoted JS string literal in a fixed sign/verify script, and
// runs that script inside a Node isolate.
//
// Returns 0 on every path, as libFuzzer requires. An isolate that fails to
// come up is skipped silently (the input is simply not executed).
//
// NOTE(review): the embedded script computes `isValid` but never checks it,
// and the `catch` block swallows every error, so this harness only surfaces
// native crashes/hangs/sanitizer findings. A signature that fails to verify
// for the same key and message would go unnoticed — confirm that is intended.
// NOTE(review): a fresh 2048-bit RSA key pair is generated for every input;
// that presumably dominates per-execution cost — verify against profiling.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Every input byte becomes part of the message; no structure is parsed.
  FuzzedDataProvider provider(data, size);
  const std::string payload = provider.ConsumeRemainingBytesAsString();

  // Script executed per input. `{0}` is replaced by the quoted payload.
  static constexpr std::string_view kSignVerifyScript = R"(
const crypto = require('crypto');

// Generate an RSA key pair (per fuzz run)
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048
});

// The fuzzed message
const message = {0};

// --- SIGNING ---
try {
  const signer = crypto.createSign('SHA256');
  signer.update(message);
  signer.end();
  const signature = signer.sign(privateKey, 'base64');

  // --- VERIFYING ---
  const verifier = crypto.createVerify('SHA256');
  verifier.update(message);
  verifier.end();
  const isValid = verifier.verify(publicKey, signature, 'base64');
} catch (e) {
  // Catch errors to prevent harness crashes
}
)";

  // The payload is escaped into a JS string literal before substitution so
  // arbitrary bytes cannot alter the script's structure.
  const std::string quoted_payload = ToSingleQuotedJsLiteral(payload);
  const std::string script = FormatJs(kSignVerifyScript, quoted_payload);

  // Run the script in a Node isolate; bail out if the isolate is unusable.
  fuzz::IsolateScope isolate_scope;
  if (!isolate_scope.ok()) {
    return 0;
  }
  fuzz::RunEnvString(isolate_scope.isolate(), script.c_str());

  return 0;
}