aboutsummaryrefslogtreecommitdiff
path: root/fuzzers
diff options
context:
space:
mode:
Diffstat (limited to 'fuzzers')
-rw-r--r--fuzzers/README.rst50
-rw-r--r--fuzzers/fuzz_decode_message.cpp14
-rw-r--r--fuzzers/fuzz_decrypt.cpp65
-rw-r--r--fuzzers/fuzz_group_decrypt.cpp73
-rw-r--r--fuzzers/fuzz_unpickle_account.cpp14
-rw-r--r--fuzzers/fuzz_unpickle_session.cpp14
-rw-r--r--fuzzers/include/fuzzing.hh82
7 files changed, 0 insertions, 312 deletions
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
deleted file mode 100644
index b6f5f9c..0000000
--- a/fuzzers/README.rst
+++ /dev/null
@@ -1,50 +0,0 @@
-Fuzzers
-=======
-
-This directory contains a collection of fuzzing tools. Each tests a different
-entry point to the code.
-
-Usage notes:
-
-1. Install AFL:
-
- .. code::
-
- apt-get install afl
-
-2. Build the fuzzers:
-
- .. code::
-
- make fuzzers
-
-3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
- session file. You can create one by pickling an Olm session.
-
-4. Make some work directories:
-
- .. code::
-
- mkdir -p fuzzing/in fuzzing/out
-
-5. Generate starting input:
-
- .. code::
-
- echo "Test" > fuzzing/in/test
-
-6. Run the test under ``afl-fuzz``:
-
- .. code::
-
- afl-fuzz -i fuzzing/in -o fuzzing/out -- \
- ./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
-
-7. To resume with the data produced by an earlier run:
-
- .. code::
-
- afl-fuzz -i- -o existing_output_dir [...etc...]
-
-8. If it shows failures, pipe the failure case into
- ``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.
diff --git a/fuzzers/fuzz_decode_message.cpp b/fuzzers/fuzz_decode_message.cpp
deleted file mode 100644
index 2ef734c..0000000
--- a/fuzzers/fuzz_decode_message.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "olm/message.hh"
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- int message_fd = STDIN_FILENO;
- uint8_t * message_buffer;
- ssize_t message_length = check_errno(
- "Error reading message file", read_file(message_fd, &message_buffer)
- );
- olm::MessageReader * reader = new olm::MessageReader;
- decode_message(*reader, message_buffer, message_length, 8);
- free(message_buffer);
- delete reader;
-}
diff --git a/fuzzers/fuzz_decrypt.cpp b/fuzzers/fuzz_decrypt.cpp
deleted file mode 100644
index 0b48060..0000000
--- a/fuzzers/fuzz_decrypt.cpp
+++ /dev/null
@@ -1,65 +0,0 @@
-#include "olm/olm.hh"
-
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- size_t ignored;
- if (argc <= 3) {
- const char * message = "Usage: decrypt: <session_key> <session_file>"
- " <message_type>\n";
- ignored = write(STDERR_FILENO, message, strlen(message));
- exit(3);
- }
-
- const char * key = argv[1];
- size_t key_length = strlen(key);
-
-
- int session_fd = check_errno(
- "Error opening session file", open(argv[2], O_RDONLY)
- );
-
- int message_type = atoi(argv[3]);
-
- uint8_t *session_buffer;
- ssize_t session_length = check_errno(
- "Error reading session file", read_file(session_fd, &session_buffer)
- );
-
- int message_fd = STDIN_FILENO;
- uint8_t * message_buffer;
- ssize_t message_length = check_errno(
- "Error reading message file", read_file(message_fd, &message_buffer)
- );
-
- uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
- memcpy(tmp_buffer, message_buffer, message_length);
-
- uint8_t session_memory[olm_session_size()];
- OlmSession * session = olm_session(session_memory);
- check_session(session, "Error unpickling session", olm_unpickle_session(
- session, key, key_length, session_buffer, session_length
- ));
-
- size_t max_length = check_session(
- session,
- "Error getting plaintext length",
- olm_decrypt_max_plaintext_length(
- session, message_type, tmp_buffer, message_length
- )
- );
-
- uint8_t plaintext[max_length];
-
- size_t length = check_session(
- session, "Error decrypting message", olm_decrypt(
- session, message_type,
- message_buffer, message_length,
- plaintext, max_length
- )
- );
-
- ignored = write(STDOUT_FILENO, plaintext, length);
- ignored = write(STDOUT_FILENO, "\n", 1);
- return ignored;
-}
diff --git a/fuzzers/fuzz_group_decrypt.cpp b/fuzzers/fuzz_group_decrypt.cpp
deleted file mode 100644
index bb12d0e..0000000
--- a/fuzzers/fuzz_group_decrypt.cpp
+++ /dev/null
@@ -1,73 +0,0 @@
-#include "olm/olm.hh"
-
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- size_t ignored;
- if (argc <= 2) {
- const char * message = "Usage: decrypt <pickle_key> <group_session>\n";
- ignored = write(STDERR_FILENO, message, strlen(message));
- exit(3);
- }
-
- const char * key = argv[1];
- size_t key_length = strlen(key);
-
-
- int session_fd = check_errno(
- "Error opening session file", open(argv[2], O_RDONLY)
- );
-
- uint8_t *session_buffer;
- ssize_t session_length = check_errno(
- "Error reading session file", read_file(session_fd, &session_buffer)
- );
-
- int message_fd = STDIN_FILENO;
- uint8_t * message_buffer;
- ssize_t message_length = check_errno(
- "Error reading message file", read_file(message_fd, &message_buffer)
- );
-
- uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
- memcpy(tmp_buffer, message_buffer, message_length);
-
- uint8_t session_memory[olm_inbound_group_session_size()];
- OlmInboundGroupSession * session = olm_inbound_group_session(session_memory);
- check_error(
- olm_inbound_group_session_last_error,
- session,
- "Error unpickling session",
- olm_unpickle_inbound_group_session(
- session, key, key_length, session_buffer, session_length
- )
- );
-
- size_t max_length = check_error(
- olm_inbound_group_session_last_error,
- session,
- "Error getting plaintext length",
- olm_group_decrypt_max_plaintext_length(
- session, tmp_buffer, message_length
- )
- );
-
- uint8_t plaintext[max_length];
-
- uint32_t ratchet_index;
-
- size_t length = check_error(
- olm_inbound_group_session_last_error,
- session,
- "Error decrypting message",
- olm_group_decrypt(
- session,
- message_buffer, message_length,
- plaintext, max_length, &ratchet_index
- )
- );
-
- ignored = write(STDOUT_FILENO, plaintext, length);
- ignored = write(STDOUT_FILENO, "\n", 1);
- return ignored;
-}
diff --git a/fuzzers/fuzz_unpickle_account.cpp b/fuzzers/fuzz_unpickle_account.cpp
deleted file mode 100644
index 12c6d9b..0000000
--- a/fuzzers/fuzz_unpickle_account.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "olm/account.hh"
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- int pickle_fd = STDIN_FILENO;
- uint8_t * pickle_buffer;
- ssize_t pickle_length = check_errno(
- "Error reading pickle file", read_file(pickle_fd, &pickle_buffer)
- );
- olm::Account * account = new olm::Account;
- unpickle(pickle_buffer, pickle_buffer + pickle_length, *account);
- free(pickle_buffer);
- delete account;
-}
diff --git a/fuzzers/fuzz_unpickle_session.cpp b/fuzzers/fuzz_unpickle_session.cpp
deleted file mode 100644
index 6edbc96..0000000
--- a/fuzzers/fuzz_unpickle_session.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "olm/session.hh"
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- int pickle_fd = STDIN_FILENO;
- uint8_t * pickle_buffer;
- ssize_t pickle_length = check_errno(
- "Error reading pickle file", read_file(pickle_fd, &pickle_buffer)
- );
- olm::Session * session = new olm::Session;
- unpickle(pickle_buffer, pickle_buffer + pickle_length, *session);
- free(pickle_buffer);
- delete session;
-}
diff --git a/fuzzers/include/fuzzing.hh b/fuzzers/include/fuzzing.hh
deleted file mode 100644
index b27c396..0000000
--- a/fuzzers/include/fuzzing.hh
+++ /dev/null
@@ -1,82 +0,0 @@
-#include "olm/olm.hh"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stddef.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-
-ssize_t read_file(
- int fd,
- uint8_t **buffer
-) {
- size_t buffer_size = 4096;
- uint8_t * current_buffer = (uint8_t *) malloc(buffer_size);
- if (current_buffer == NULL) return -1;
- size_t buffer_pos = 0;
- while (1) {
- ssize_t count = read(
- fd, current_buffer + buffer_pos, buffer_size - buffer_pos
- );
- if (count < 0) break;
- if (count == 0) {
- uint8_t * return_buffer = (uint8_t *) realloc(current_buffer, buffer_pos);
- if (return_buffer == NULL) break;
- *buffer = return_buffer;
- return buffer_pos;
- }
- buffer_pos += count;
- if (buffer_pos == buffer_size) {
- buffer_size *= 2;
- uint8_t * new_buffer = (uint8_t *) realloc(current_buffer, buffer_size);
- if (new_buffer == NULL) break;
- current_buffer = new_buffer;
- }
- }
- free(current_buffer);
- return -1;
-}
-
-template<typename T>
-T check_errno(
- const char * message,
- T value
-) {
- if (value == T(-1)) {
- perror(message);
- exit(1);
- }
- return value;
-}
-
-template<typename T, typename F>
-size_t check_error(
- F f,
- T * object,
- const char * message,
- size_t value
-) {
- if (value == olm_error()) {
- const char * olm_message = f(object);
- ssize_t ignored;
- ignored = write(STDERR_FILENO, message, strlen(message));
- ignored = write(STDERR_FILENO, ": ", 2);
- ignored = write(STDERR_FILENO, olm_message, strlen(olm_message));
- ignored = write(STDERR_FILENO, "\n", 1);
- exit(2);
- return ignored;
- }
- return value;
-}
-
-size_t check_session(
- OlmSession * session,
- const char * message,
- size_t value
-) {
- return check_error(olm_session_last_error, session, message, value);
-}