totp

Simple cli tool for storing TOTP secrets and generating tokens
git clone https://git.inz.fi/totp/
Log | Files | Refs | Submodules
commit 1195b89de4248d5c0a1d79148c499ba7011b894b
parent 6db6c6fec6fabedb82cc062791fa645208773aa7
Author: Santtu Lakkala <santtu.lakkala@digital14.com>
Date:   Mon, 25 Sep 2023 14:08:50 +0300

Add fuzz tests

Diffstat:

MMakefile | 19++++++++++++++++++-


Afuzzdb.c | 76++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Afuzzuri.c | 22++++++++++++++++++++++


Rtests/test.db -> tests/dbs/test.db | 0


Rtests/test.legacy.db -> tests/dbs/test.legacy.db | 0


Mtests/test.sh | 4++--


Atests/uris/SHA1.keyuri | 1+


Atests/uris/SHA256.keyuri | 1+


Atests/uris/SHA512.keyuri | 1+


9 files changed, 121 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
@@ -1,4 +1,6 @@
 .POSIX:
+AFLCC = afl-clang-fast
+AFLFUZZ = afl-fuzz
 CFLAGS = -W -Wall -Wextra -pedantic -std=c99 -Os
 AES_CFLAGS += -DECB=0 -DCBC=1 -DCTR=0 -DAES256=1
 SOURCES = sha1.c sha256.c sha512.c tiny-AES-c/aes.c main.c util.c db.c token.c
@@ -38,6 +40,21 @@ test: algotest ${NAME}
 	./algotest
 	cd tests; ./test.sh ../${NAME}
 
+fuzzdb: fuzzdb.c
+	${AFLCC} fuzzdb.c -o fuzzdb -fsanitize=undefined,address
+
+test/fuzz-crashes:
+	mkdir tests/fuzz-crashes
+
+db-fuzz: fuzzdb tests/fuzz-crashes
+	${AFLFUZZ} -i tests/dbs -o tests/fuzz-crashes ./fuzzdb
+
+fuzzuri: fuzzuri.c
+	${AFLCC} fuzzuri.c -o fuzzuri -fsanitize=undefined,address
+
+uri-fuzz: fuzzuri tests/fuzz-crashes
+	${AFLFUZZ} -i tests/uris -o tests/fuzz-crashes ./fuzzuri
+
 .c.o:
 	${CC} -c $< -o $@ ${CFLAGS} ${AES_CFLAGS}
 
@@ -88,4 +105,4 @@ util.o: util.h
 
 ${OBJS} ${TEST_OBJS}: Makefile
 
-.PHONY: test depend all debug unity
+.PHONY: test depend all debug unity db-fuzz uri-fuzz
diff --git a/fuzzdb.c b/fuzzdb.c
@@ -0,0 +1,76 @@
+#include "util.c"
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <fcntl.h>
+#ifndef RAW_DB
+#define AES256 1
+#include "tiny-AES-c/aes.c"
+#endif
+#include "tiny-AES-c/aes.h"
+ssize_t my_read(int fd, void *buf, size_t count);
+#define read my_read
+#define open(...) 0
+#ifdef RAW_DB
+#define AES_init_ctx_iv(...)
+#define AES_CBC_decrypt_buffer(...)
+#define AES_CBC_encrypt_buffer(...)
+#endif
+#include "db.c"
+#undef read
+#undef open
+
+#ifndef RAW_DB
+uint8_t keybuf[AES_BLOCKLEN + AES_KEYLEN] = {
+	0xc7, 0x14, 0x90, 0xfc, 0x24, 0xaa, 0x3d, 0x19, 0xe1, 0x12, 0x82, 0xda, 0x77, 0x03, 0x2d, 0xd9, 0xcd, 0xb3, 0x31, 0x03, 0xc8, 0xd3, 0xda, 0x46, 0x29, 0xc7, 0x1c, 0x1b, 0xe7, 0xf8, 0x06, 0xa7, 0x0b, 0x3c, 0x1c, 0x17, 0x74, 0xf0, 0xd5, 0x34, 0x1b, 0xe3, 0x24, 0xef, 0xde, 0xac, 0x9d, 0x9e
+};
+#endif
+
+ssize_t       len;
+ssize_t       buf_pos;
+char *src = NULL;
+
+__AFL_FUZZ_INIT();
+
+void dummy_cb(struct token *token, void *data)
+{
+	char buffer[256];
+	memcpy(buffer, token->key.data, token->key.end - token->key.data);
+	memcpy(buffer, token->desc.data, token->desc.end - token->desc.data);
+	memcpy(buffer, token->issuer.data, token->issuer.end - token->issuer.data);
+}
+
+ssize_t my_read(int fd, void *buf, size_t count)
+{
+	(void)fd;
+
+	ssize_t n;
+	if (count < len - buf_pos)
+		n = count;
+	else
+		n = len - buf_pos;
+
+	memcpy(buf, src + buf_pos, n);
+	return n;
+}
+
+int main(void)
+{
+	__AFL_INIT();
+	unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
+	while (__AFL_LOOP(10000)) {
+#ifndef RAW_DB
+		struct AES_ctx aes;
+#endif
+		len = __AFL_FUZZ_TESTCASE_LEN;
+		src = realloc(src, len + 1);
+		buf_pos = 0;
+		memcpy(src, buf, len);
+		src[len] = '\0';
+		if (db_open_read(NULL, &aes, keybuf) < 0)
+			continue;
+		db_foreach(0, &aes, dummy_cb, NULL);
+	}
+
+	return 0;
+}
diff --git a/fuzzuri.c b/fuzzuri.c
@@ -0,0 +1,22 @@
+#include "token.c"
+#include "util.c"
+#include <stdlib.h>
+#include <unistd.h>
+
+__AFL_FUZZ_INIT();
+
+int main(void)
+{
+	__AFL_INIT();
+	char *src = NULL;
+	unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
+	while (__AFL_LOOP(10000)) {
+		int len = __AFL_FUZZ_TESTCASE_LEN;
+		src = realloc(src, len + 1);
+		memcpy(src, buf, len);
+		src[len] = '\0';
+		token_parse_uri(src);
+	}
+
+	return 0;
+}
diff --git a/tests/test.db b/tests/dbs/test.db
Binary files differ.
diff --git a/tests/test.legacy.db b/tests/dbs/test.legacy.db
diff --git a/tests/test.sh b/tests/test.sh
@@ -69,7 +69,7 @@ FOO
 }
 
 existdb() {
-	"$BIN" -K test.pw -f test.db -l >"$TMP"
+	"$BIN" -K test.pw -f dbs/test.db -l >"$TMP"
 	diff "$TMP" - <<FOO
 SHA1 by RFC6238
 SHA256 by RFC6238
@@ -78,7 +78,7 @@ FOO
 }
 
 legacydb() {
-	"$BIN" -K test.pw -f test.legacy.db -l >"$TMP"
+	"$BIN" -K test.pw -f dbs/test.legacy.db -l >"$TMP"
 	diff "$TMP" - <<FOO
 SHA1 by RFC6238
 SHA256 by RFC6238
diff --git a/tests/uris/SHA1.keyuri b/tests/uris/SHA1.keyuri
@@ -0,0 +1 @@
+otpauth://totp/RFC6238:SHA1?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=RFC6238&algorithm=SHA1&digits=8&period=30
diff --git a/tests/uris/SHA256.keyuri b/tests/uris/SHA256.keyuri
@@ -0,0 +1 @@
+otpauth://totp/RFC6238:SHA256?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZA&issuer=RFC6238&algorithm=SHA256&digits=8&period=30
diff --git a/tests/uris/SHA512.keyuri b/tests/uris/SHA512.keyuri
@@ -0,0 +1 @@
+otpauth://totp/RFC6238:SHA512?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNA&issuer=RFC6238&algorithm=SHA512&digits=8&period=30