10 files changed, 279 insertions, 10 deletions

diff --git a/Makefile b/Makefile
index cbdb948..fca9576 100644
--- a/Makefile
+++ b/Makefile
@@ -4,8 +4,11 @@ BUILD_DIR := build
 RELEASE_OPTIMIZE_FLAGS ?= -g -O3
 DEBUG_OPTIMIZE_FLAGS ?= -g -O0
 JS_OPTIMIZE_FLAGS ?= -O3
+FUZZING_OPTIMIZE_FLAGS ?= -O3
 CC = gcc
 EMCC = emcc
+AFL_CC = afl_gcc
+AFL_CXX = afl-g++
 RELEASE_TARGET := $(BUILD_DIR)/libolm.so
 DEBUG_TARGET := $(BUILD_DIR)/libolm_debug.so
 JS_TARGET := javascript/olm.js
@@ -17,6 +20,10 @@ PUBLIC_HEADERS := include/olm/olm.h
 SOURCES := $(wildcard src/*.cpp) $(wildcard src/*.c)
 RELEASE_OBJECTS := $(patsubst src/%,$(BUILD_DIR)/release/%,$(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES))))
 DEBUG_OBJECTS := $(patsubst src/%,$(BUILD_DIR)/debug/%,$(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES))))
+FUZZER_OBJECTS := $(patsubst src/%,$(BUILD_DIR)/fuzzers/objects/%,$(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES))))
+FUZZER_SOURCES := $(wildcard fuzzers/fuzz_*.cpp) $(wildcard fuzzers/fuzz_*.c)
+FUZZER_BINARIES := $(patsubst fuzzers/%,$(BUILD_DIR)/fuzzers/%,$(patsubst %.c,%,$(patsubst %.cpp,%,$(FUZZER_SOURCES))))
+FUZZER_DEBUG_BINARIES := $(patsubst $(BUILD_DIR)/fuzzers/fuzz_%,$(BUILD_DIR)/fuzzers/debug_%,$(FUZZER_BINARIES))
 TEST_SOURCES := $(wildcard tests/test_*.cpp) $(wildcard tests/test_*.c)
 TEST_BINARIES := $(patsubst tests/%,$(BUILD_DIR)/tests/%,$(patsubst %.c,%,$(patsubst %.cpp,%,$(TEST_SOURCES))))
 JS_OBJECTS := $(patsubst src/%,$(BUILD_DIR)/javascript/%,$(patsubst %.c,%.js.bc,$(patsubst %.cpp,%.js.bc,$(SOURCES))))
@@ -24,7 +31,8 @@ JS_PRE := $(wildcard javascript/*pre.js)
 JS_POST := $(wildcard javascript/*post.js)
 
 CPPFLAGS += -Iinclude -Ilib
-CFLAGS += -Wall -Werror -std=c89 -fPIC
+# we rely on <stdint.h>, which was introduced in C99
+CFLAGS += -Wall -Werror -std=c99 -fPIC
 CXXFLAGS += -Wall -Werror -std=c++11 -fPIC
 LDFLAGS += -Wall -Werror
 
@@ -37,6 +45,11 @@ EMCC.c = $(EMCC) $(CFLAGS) $(CPPFLAGS) -c
 EMCC.cc = $(EMCC) $(CXXFLAGS) $(CPPFLAGS) -c
 EMCC_LINK = $(EMCC) $(LDFLAGS) $(EMCCFLAGS)
 
+AFL.c = $(AFL_CC) $(CFLAGS) $(CPPFLAGS) -c
+AFL.cc = $(AFL_CXX) $(CXXFLAGS) $(CPPFLAGS) -c
+AFL_LINK.c = $(AFL_CC) $(LDFLAGS) $(CFLAGS) $(CPPFLAGS)
+AFL_LINK.cc = $(AFL_CXX) $(LDFLAGS) $(CXXFLAGS) $(CPPFLAGS)
+
 # generate .d files when compiling
 CPPFLAGS += -MMD
 
@@ -51,7 +64,14 @@ $(DEBUG_OBJECTS): CXXFLAGS += $(DEBUG_OPTIMIZE_FLAGS)
 $(DEBUG_TARGET): LDFLAGS += $(DEBUG_OPTIMIZE_FLAGS)
 
 $(TEST_BINARIES): CPPFLAGS += -Itests/include
-$(TEST_BINARIES): LDFLAGS += $(TEST_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
+$(TEST_BINARIES): LDFLAGS += $(DEBUG_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
+
+$(FUZZER_OBJECTS): CFLAGS += $(FUZZER_OPTIMIZE_FLAGS)
+$(FUZZER_OBJECTS): CXXFLAGS += $(FUZZER_OPTIMIZE_FLAGS)
+$(FUZZER_BINARIES): CPPFLAGS += -Ifuzzers/include
+$(FUZZER_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
+$(FUZZER_DEBUG_BINARIES): CPPFLAGS += -Ifuzzers/include
+$(FUZZER_DEBUG_BINARIES): LDFLAGS += $(DEBUG_OPTIMIZE_FLAGS)
 
 $(JS_OBJECTS): CFLAGS += $(JS_OPTIMIZE_FLAGS)
 $(JS_OBJECTS): CXXFLAGS += $(JS_OPTIMIZE_FLAGS)
@@ -65,9 +85,11 @@ lib: $(RELEASE_TARGET)
 # Make sure that the build directory exists.
 # We can't check the build directory into git because it is empty.
 makedirs:
-	mkdir -p $(BUILD_DIR)/release $(BUILD_DIR)/debug $(BUILD_DIR)/javascript $(BUILD_DIR)/tests
+	mkdir -p $(BUILD_DIR)/release $(BUILD_DIR)/debug $(BUILD_DIR)/javascript\
+            $(BUILD_DIR)/tests $(BUILD_DIR)/fuzzers/objects
 .PHONY: makedirs
 
+
 $(RELEASE_TARGET): $(RELEASE_OBJECTS)
 	$(CXX) $(LDFLAGS) --shared -fPIC \
             -Wl,--version-script,version_script.ver \
@@ -81,7 +103,6 @@ $(DEBUG_TARGET): $(DEBUG_OBJECTS)
             -Wl,--version-script,version_script.ver \
             $(OUTPUT_OPTION) $(DEBUG_OBJECTS)
 
-
 js: $(JS_TARGET)
 .PHONY: js
 
@@ -96,8 +117,11 @@ clean:;
                $(DEBUG_OBJECTS) $(DEBUG_OBJECTS:.o=.d) \
                $(TEST_BINARIES) $(TEST_BINARIES:=.d) \
                $(JS_OBJECTS) $(JS_OBJECTS:.bc=.d) $(JS_TARGET) \
-               $(JS_EXPORTED_FUNCTIONS) \
+               $(JS_EXPORTED_FUNCTIONS)\
                $(RELEASE_TARGET) $(DEBUG_TARGET)\
+               $(FUZZER_OBJECTS) $(FUZZER_OBJECTS:.o=.d)\
+               $(FUZZER_BINARIES) $(FUZZER_BINARIES:=.d)\
+               $(FUZZER_DEBUG_BINARIES) $(FUZZER_DEBUG_BINARIES:=.d)\
 
 build_tests: $(TEST_BINARIES)
 
@@ -107,6 +131,9 @@ test: build_tests
 	    $$i || exit $$?; \
 	done
 
+fuzzers: $(FUZZER_BINARIES) $(FUZZER_DEBUG_BINARIES)
+.PHONY: fuzzers
+
 $(JS_EXPORTED_FUNCTIONS): $(PUBLIC_HEADERS)
 	perl -MJSON -ne '/(olm_[^( ]*)\(/ && push @f, "_$$1"; END { print encode_json \@f }' $^ > $@.tmp
 	mv $@.tmp $@
@@ -139,6 +166,23 @@ $(BUILD_DIR)/tests/%: tests/%.c $(DEBUG_OBJECTS)
 $(BUILD_DIR)/tests/%: tests/%.cpp $(DEBUG_OBJECTS)
 	$(LINK.cc) $< $(DEBUG_OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@
 
+$(BUILD_DIR)/fuzzers/objects/%.o: src/%.c | makedirs
+	$(AFL.c) $(OUTPUT_OPTION) $<
+
+$(BUILD_DIR)/fuzzers/objects/%.o: src/%.cpp | makedirs
+	$(AFL.cc) $(OUTPUT_OPTION) $<
+
+$(BUILD_DIR)/fuzzers/fuzz_%: fuzzers/fuzz_%.c $(FUZZER_OBJECTS)
+	$(AFL_LINK.c) $< $(FUZZER_OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@
+
+$(BUILD_DIR)/fuzzers/fuzz_%: fuzzers/fuzz_%.cpp $(FUZZER_OBJECTS)
+	$(AFL_LINK.cc) $< $(FUZZER_OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@
+
+$(BUILD_DIR)/fuzzers/debug_%: fuzzers/fuzz_%.c $(DEBUG_OBJECTS)
+	$(LINK.c) $< $(DEBUG_OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@
+
+$(BUILD_DIR)/fuzzers/debug_%: fuzzers/fuzz_%.cpp $(DEBUG_OBJECTS)
+	$(LINK.cc) $< $(DEBUG_OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@
 
 ### dependencies
 
@@ -146,3 +190,6 @@ $(BUILD_DIR)/tests/%: tests/%.cpp $(DEBUG_OBJECTS)
 -include $(DEBUG_OBJECTS:.o=.d)
 -include $(JS_OBJECTS:.bc=.d)
 -include $(TEST_BINARIES:=.d)
+-include $(FUZZER_OBJECTS:.o=.d)
+-include $(FUZZER_BINARIES:=.d)
+-include $(FUZZER_DEBUG_BINARIES:=.d)
diff --git a/fuzzers/fuzz_decode_message.cpp b/fuzzers/fuzz_decode_message.cpp
new file mode 100644
index 0000000..2ef734c
--- /dev/null
+++ b/fuzzers/fuzz_decode_message.cpp
@@ -0,0 +1,14 @@
+#include "olm/message.hh"
+#include "fuzzing.hh"
+
+int main(int argc, const char *argv[]) {
+    int message_fd = STDIN_FILENO;
+    uint8_t * message_buffer;
+    ssize_t message_length = check_errno(
+        "Error reading message file", read_file(message_fd, &message_buffer)
+    );
+    olm::MessageReader * reader = new olm::MessageReader;
+    decode_message(*reader, message_buffer, message_length, 8);
+    free(message_buffer);
+    delete reader;
+}
diff --git a/fuzzers/fuzz_decrypt.cpp b/fuzzers/fuzz_decrypt.cpp
new file mode 100644
index 0000000..6116934
--- /dev/null
+++ b/fuzzers/fuzz_decrypt.cpp
@@ -0,0 +1,64 @@
+#include "olm/olm.hh"
+
+#include "fuzzing.hh"
+
+int main(int argc, const char *argv[]) {
+    size_t ignored;
+    if (argc <= 3) {
+        const char * message = "Usage: decrypt: <session_key> <session_file>"
+            " <message_type>\n";
+        ignored = write(STDERR_FILENO, message, strlen(message));
+        exit(3);
+    }
+
+    const char * key = argv[1];
+    size_t key_length = strlen(key);
+
+
+    int session_fd = check_errno(
+        "Error opening session file", open(argv[2], O_RDONLY)
+    );
+
+    int message_type = atoi(argv[3]);
+
+    uint8_t *session_buffer;
+    ssize_t session_length = check_errno(
+        "Error reading session file", read_file(session_fd, &session_buffer)
+    );
+
+    int message_fd = STDIN_FILENO;
+    uint8_t * message_buffer;
+    ssize_t message_length = check_errno(
+        "Error reading message file", read_file(message_fd, &message_buffer)
+    );
+
+    uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
+    memcpy(tmp_buffer, message_buffer, message_length);
+
+    uint8_t session_memory[olm_session_size()];
+    OlmSession * session = olm_session(session_memory);
+    check_session(session, "Error unpickling session", olm_unpickle_session(
+        session, key, key_length, session_buffer, session_length
+    ));
+
+    size_t max_length = check_session(
+        session,
+        "Error getting plaintext length",
+        olm_decrypt_max_plaintext_length(
+            session, message_type, tmp_buffer, message_length
+        )
+    );
+
+    uint8_t plaintext[max_length];
+
+    size_t length = check_session(
+        session, "Error decrypting message", olm_decrypt(
+            session, message_type,
+            message_buffer, message_length,
+            plaintext, max_length
+        )
+    );
+
+    ignored = write(STDOUT_FILENO, plaintext, length);
+    ignored = write(STDOUT_FILENO, "\n", 1);
+}
diff --git a/fuzzers/fuzz_unpickle_account.cpp b/fuzzers/fuzz_unpickle_account.cpp
new file mode 100644
index 0000000..12c6d9b
--- /dev/null
+++ b/fuzzers/fuzz_unpickle_account.cpp
@@ -0,0 +1,14 @@
+#include "olm/account.hh"
+#include "fuzzing.hh"
+
+int main(int argc, const char *argv[]) {
+    int pickle_fd = STDIN_FILENO;
+    uint8_t * pickle_buffer;
+    ssize_t pickle_length = check_errno(
+        "Error reading pickle file", read_file(pickle_fd, &pickle_buffer)
+    );
+    olm::Account * account = new olm::Account;
+    unpickle(pickle_buffer, pickle_buffer + pickle_length, *account);
+    free(pickle_buffer);
+    delete account;
+}
diff --git a/fuzzers/fuzz_unpickle_session.cpp b/fuzzers/fuzz_unpickle_session.cpp
new file mode 100644
index 0000000..6edbc96
--- /dev/null
+++ b/fuzzers/fuzz_unpickle_session.cpp
@@ -0,0 +1,14 @@
+#include "olm/session.hh"
+#include "fuzzing.hh"
+
+int main(int argc, const char *argv[]) {
+    int pickle_fd = STDIN_FILENO;
+    uint8_t * pickle_buffer;
+    ssize_t pickle_length = check_errno(
+        "Error reading pickle file", read_file(pickle_fd, &pickle_buffer)
+    );
+    olm::Session * session = new olm::Session;
+    unpickle(pickle_buffer, pickle_buffer + pickle_length, *session);
+    free(pickle_buffer);
+    delete session;
+}
diff --git a/fuzzers/include/fuzzing.hh b/fuzzers/include/fuzzing.hh
new file mode 100644
index 0000000..e4f5eb9
--- /dev/null
+++ b/fuzzers/include/fuzzing.hh
@@ -0,0 +1,72 @@
+#include "olm/olm.hh"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stddef.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+
+ssize_t read_file(
+    int fd,
+    uint8_t **buffer
+) {
+    size_t buffer_size = 4096;
+    uint8_t * current_buffer = (uint8_t *) malloc(buffer_size);
+    if (current_buffer == NULL) return -1;
+    size_t buffer_pos = 0;
+    while (1) {
+        ssize_t count = read(
+            fd, current_buffer + buffer_pos, buffer_size - buffer_pos
+        );
+        if (count < 0) break;
+        if (count == 0) {
+            uint8_t * return_buffer = (uint8_t *) realloc(current_buffer, buffer_pos);
+            if (return_buffer == NULL) break;
+            *buffer = return_buffer;
+            return buffer_pos;
+        }
+        buffer_pos += count;
+        if (buffer_pos == buffer_size) {
+            buffer_size *= 2;
+            uint8_t * new_buffer = (uint8_t *) realloc(current_buffer, buffer_size);
+            if (new_buffer == NULL) break;
+            current_buffer = new_buffer;
+        }
+    }
+    free(current_buffer);
+    return -1;
+}
+
+template<typename T>
+T check_errno(
+    const char * message,
+    T value
+) {
+    if (value == T(-1)) {
+        perror(message);
+        exit(1);
+    }
+    return value;
+}
+
+size_t check_session(
+    OlmSession * session,
+    const char * message,
+    size_t value
+) {
+    if (value == olm_error()) {
+        const char * olm_message = olm_session_last_error(session);
+        ssize_t ignored;
+        ignored = write(STDERR_FILENO, message, strlen(message));
+        ignored = write(STDERR_FILENO, ": ", 2);
+        ignored = write(STDERR_FILENO, olm_message, strlen(olm_message));
+        ignored = write(STDERR_FILENO, "\n", 1);
+        exit(2);
+        return ignored;
+    }
+    return value;
+}
diff --git a/jenkins.sh b/jenkins.sh
new file mode 100755
index 0000000..c1efcb9
--- /dev/null
+++ b/jenkins.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+make clean
+make lib
+make test
+
+./python/test_olm.sh
diff --git a/python/olm/__main__.py b/python/olm/__main__.py
index 3fcf24d..a34d52a 100755
--- a/python/olm/__main__.py
+++ b/python/olm/__main__.py
@@ -1,5 +1,7 @@
 #! /usr/bin/env python
 
+from __future__ import print_function
+
 import argparse
 import json
 import os
@@ -51,6 +53,39 @@ def build_arg_parser():
 
     keys.set_defaults(func=do_keys)
 
+    def do_id_key(args):
+        account = Account()
+        with open(args.account_file, "rb") as f:
+            account.unpickle(args.key, f.read())
+        print(account.identity_keys()['curve25519'])
+
+    id_key = commands.add_parser("identity_key", help="Get the identity key for an account")
+    id_key.add_argument("account_file", help="Local account file")
+    id_key.set_defaults(func=do_id_key)
+
+    def do_one_time_key(args):
+        account = Account()
+        with open(args.account_file, "rb") as f:
+            account.unpickle(args.key, f.read())
+        keys = account.one_time_keys()['curve25519'].values()
+        key_num = args.key_num
+        if key_num < 1 or key_num > len(keys):
+            print(
+                "Invalid key number %i: %i keys available" %
+                   (key_num, len(keys)),
+                file=sys.stderr
+            )
+            sys.exit(1)
+        print (keys[key_num-1])
+
+    one_time_key = commands.add_parser("one_time_key",
+                                       help="Get a one-time key for the account")
+    one_time_key.add_argument("account_file", help="Local account file")
+    one_time_key.add_argument("--key-num", "-n", type=int, default=1,
+                              help="Index of key to retrieve (default: 1)")
+    one_time_key.set_defaults(func=do_one_time_key)
+
+
     sign = commands.add_parser("sign", help="Sign a message")
     sign.add_argument("account_file", help="Local account file")
     sign.add_argument("message_file", help="Message to sign")
diff --git a/python/test_olm.sh b/python/test_olm.sh
index da69581..989e166 100755
--- a/python/test_olm.sh
+++ b/python/test_olm.sh
@@ -1,5 +1,7 @@
 #! /bin/bash
 
+cd `dirname $0`
+
 OLM="python -m olm"
 
 ALICE_ACCOUNT=alice.account
@@ -17,8 +19,8 @@ $OLM create_account $ALICE_ACCOUNT
 $OLM create_account $BOB_ACCOUNT
 $OLM generate_keys $BOB_ACCOUNT 1
 
-BOB_IDENTITY_KEY="$($OLM keys --json $BOB_ACCOUNT | jq -r .account_keys.curve25519)"
-BOB_ONE_TIME_KEY="$($OLM keys --json $BOB_ACCOUNT | jq -r '.one_time_keys.curve25519|to_entries[0].value')"
+BOB_IDENTITY_KEY="$($OLM identity_key $BOB_ACCOUNT)"
+BOB_ONE_TIME_KEY="$($OLM one_time_key $BOB_ACCOUNT)"
 
 $OLM outbound $ALICE_ACCOUNT $ALICE_SESSION "$BOB_IDENTITY_KEY" "$BOB_ONE_TIME_KEY"
 
diff --git a/src/libs.cpp b/src/libs.c
index 6757574..4304354 100644
--- a/src/libs.cpp
+++ b/src/libs.c
@@ -1,4 +1,4 @@
-/* Copyright 2015 OpenMarket Ltd
+/* Copyright 2015-6 OpenMarket Ltd
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,7 +12,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-extern "C" {
 #include "crypto-algorithms/sha256.c"
 #include "crypto-algorithms/aes.c"
 #include "curve25519-donna/curve25519-donna.c"
@@ -24,4 +23,3 @@ extern "C" {
 #include "ed25519/src/verify.c"
 #include "ed25519/src/sign.c"
 #include "ed25519_additions.c"
-}