From f9520b971e57625942ea10f753e08985ca725fa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Fri, 9 May 2025 07:46:40 +0200 Subject: [PATCH] tests/fuzz: add fuzz testing on secured data functions (issue #1462) --- doc/en/weechat_dev.en.adoc | 1 + doc/fr/weechat_dev.fr.adoc | 1 + doc/ja/weechat_dev.ja.adoc | 2 + doc/sr/weechat_dev.sr.adoc | 2 + tests/fuzz/CMakeLists.txt | 2 +- tests/fuzz/core/secure-fuzzer.cc | 91 ++++++++++++++++++++++++++++++++ 6 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 tests/fuzz/core/secure-fuzzer.cc diff --git a/doc/en/weechat_dev.en.adoc b/doc/en/weechat_dev.en.adoc index 580c67a87..8f0723ecc 100644 --- a/doc/en/weechat_dev.en.adoc +++ b/doc/en/weechat_dev.en.adoc @@ -422,6 +422,7 @@ WeeChat "core" is located in following directories: |       core/ | Root of fuzz testing for core. |          calc-fuzzer.c | Fuzz testing: calculation of expressions. |          crypto-fuzzer.c | Fuzz testing: cryptographic functions. +|          secure-fuzzer.c | Fuzz testing: secured data. |          string-fuzzer.c | Fuzz testing: strings. |          utf8-fuzzer.c | Fuzz testing: UTF-8. |          util-fuzzer.c | Fuzz testing: utility functions. diff --git a/doc/fr/weechat_dev.fr.adoc b/doc/fr/weechat_dev.fr.adoc index f1df9dbb7..8c960fd65 100644 --- a/doc/fr/weechat_dev.fr.adoc +++ b/doc/fr/weechat_dev.fr.adoc @@ -423,6 +423,7 @@ Le cœur de WeeChat est situé dans les répertoires suivants : |       core/ | Racine du fuzzing pour le cœur. |          calc-fuzzer.c | Fuzzing : calcul d'expressions. |          crypto-fuzzer.c | Fuzzing : fonctions cryptographiques. +|          secure-fuzzer.c | Fuzzing : données sécurisées. |          string-fuzzer.c | Fuzzing : chaînes. |          utf8-fuzzer.c | Fuzzing : UTF-8. |          util-fuzzer.c | Fuzzing : fonctions utiles. diff --git a/doc/ja/weechat_dev.ja.adoc b/doc/ja/weechat_dev.ja.adoc index 1424d811b..cc1b0b90c 100644 --- a/doc/ja/weechat_dev.ja.adoc +++ b/doc/ja/weechat_dev.ja.adoc @@ -471,6 +471,8 @@ WeeChat "core" は以下のディレクトリに配置されています: // TRANSLATION MISSING |          crypto-fuzzer.c | Fuzz testing: cryptographic functions. // TRANSLATION MISSING +|          secure-fuzzer.c | Fuzz testing: secured data. +// TRANSLATION MISSING |          string-fuzzer.c | Fuzz testing: 文字列 // TRANSLATION MISSING |          utf8-fuzzer.c | Fuzz testing: UTF-8. diff --git a/doc/sr/weechat_dev.sr.adoc b/doc/sr/weechat_dev.sr.adoc index ff98a76a7..489f555a2 100644 --- a/doc/sr/weechat_dev.sr.adoc +++ b/doc/sr/weechat_dev.sr.adoc @@ -437,6 +437,8 @@ WeeChat „језгро” се налази у следећим директо // TRANSLATION MISSING |          crypto-fuzzer.c | Fuzz testing: криптографске функције. // TRANSLATION MISSING +|          secure-fuzzer.c | Fuzz testing: secured data. +// TRANSLATION MISSING |          string-fuzzer.c | Fuzz testing: стрингови. // TRANSLATION MISSING |          utf8-fuzzer.c | Fuzz testing: UTF-8. diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt index d653b4b22..f741b8230 100644 --- a/tests/fuzz/CMakeLists.txt +++ b/tests/fuzz/CMakeLists.txt @@ -93,7 +93,7 @@ list(APPEND FUZZ_TARGET_DEPS ) # fuzz targets -set(FUZZ_CORE_TARGETS calc crypto string utf8 util) +set(FUZZ_CORE_TARGETS calc crypto secure string utf8 util) foreach(fuzz_target ${FUZZ_CORE_TARGETS}) add_executable(weechat_core_${fuzz_target}_fuzzer core/${fuzz_target}-fuzzer.cc) diff --git a/tests/fuzz/core/secure-fuzzer.cc b/tests/fuzz/core/secure-fuzzer.cc new file mode 100644 index 000000000..feed570a8 --- /dev/null +++ b/tests/fuzz/core/secure-fuzzer.cc @@ -0,0 +1,91 @@ +/* + * SPDX-FileCopyrightText: 2025 Sébastien Helleu + * + * SPDX-License-Identifier: GPL-3.0-or-later + * + * This file is part of WeeChat, the extensible chat client. + * + * WeeChat is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * WeeChat is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with WeeChat. If not, see . + */ + +/* Fuzz testing on WeeChat core secured data functions */ + +extern "C" +{ +#include +#include +#include +#include +#include + +#include + +#include "src/core/core-config.h" +#include "src/core/core-secure.h" +#include "src/core/core-secure-config.h" +#include "src/core/core-string.h" + +extern int secure_derive_key (const char *salt, const char *passphrase, + unsigned char *key, int length_key); +} + +extern "C" int +LLVMFuzzerInitialize (int *argc, char ***argv) +{ + /* make C++ compiler happy */ + (void) argc; + (void) argv; + + string_init (); + secure_init (); + secure_config_init (); + config_weechat_init (); + + return 0; +} + +extern "C" int +LLVMFuzzerTestOneInput (const uint8_t *data, size_t size) +{ + char *str, hash[1024], *encrypted, *decrypted; + int length_encrypted, length_decrypted; + + str = (char *)malloc (size + 1); + memcpy (str, data, size); + str[size] = '\0'; + + secure_derive_key (str, str, (unsigned char *)hash, sizeof (hash)); + + if (size > 0) + { + encrypted = NULL; + decrypted = NULL; + config_file_option_set (secure_config_crypt_salt, "on", 1); + secure_encrypt_data (str, size, GCRY_MD_SHA512, GCRY_CIPHER_AES256, "test", &encrypted, &length_encrypted); + secure_decrypt_data (encrypted, length_encrypted, GCRY_MD_SHA512, GCRY_CIPHER_AES256, "test", &decrypted, &length_decrypted); + assert ((size_t)length_decrypted == size); + assert (memcmp (decrypted, str, length_decrypted) == 0); + free (encrypted); + free (decrypted); + config_file_option_set (secure_config_crypt_salt, "off", 1); + encrypted = NULL; + secure_encrypt_data (str, size, GCRY_MD_SHA512, GCRY_CIPHER_AES256, "test", &encrypted, &length_encrypted); + free (encrypted); + config_file_option_reset (secure_config_crypt_salt, 1); + } + + free (str); + + return 0; +}