CryptoAuth_fuzz_test.c 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. #include "crypto/random/Random.h"
  16. #include "crypto/CryptoAuth.h"
  17. #include "benc/String.h"
  18. #include "memory/MallocAllocator.h"
  19. #include "util/events/EventBase.h"
  20. #include "util/Assert.h"
  21. #include "util/Bits.h"
  22. #include "util/Hex.h"
  23. #include "util/Endian.h"
  24. #include "util/log/FileWriterLog.h"
  25. #include "crypto/random/test/DeterminentRandomSeed.h"
  26. #include "crypto/random/Random.h"
  27. #include "crypto/AddressCalc.h"
  28. #include "test/FuzzTest.h"
  29. struct DelayedMsg {
  30. struct Message* msg;
  31. struct DelayedMsg* next;
  32. struct Allocator* alloc;
  33. /** The relevant node's sendCounter must be this much for the packet to be forwarded */
  34. int sendAfter;
  35. };
  36. struct Node {
  37. struct CryptoAuth* ca;
  38. struct CryptoAuth_Session* session;
  39. struct DelayedMsg* delayedMsgs;
  40. int sendCounter;
  41. };
  42. struct Context {
  43. struct Node nodeA;
  44. struct Node nodeB;
  45. struct Allocator* alloc;
  46. struct Random* rand;
  47. struct Log* log;
  48. /** Number of messages which make back and forth *while* both CAs are in ESTABLISHED state. */
  49. int successMessageCount;
  50. Identity
  51. };
  52. // Increase this number to make the fuzz test run longer.
  53. #define QUICK_CYCLES 20
  54. #define SLOW_CYCLES 7500
  55. #define PACKETS 500000
  56. #define SUCCESS_MESSAGES_REQUIRED 5
  57. #define logNode(ctx, node, format, ...) \
  58. if (node == &ctx->nodeA) { \
  59. Log_debug((ctx)->log, "(nodeA) " format, __VA_ARGS__); \
  60. } else { \
  61. Log_debug((ctx)->log, "(nodeB) " format, __VA_ARGS__); \
  62. }
  63. #define logNode0(ctx, node, format) logNode((ctx), (node), "%s", (format))
  64. static bool maybe(struct Context* ctx, uint32_t chanceIsOneInWhat)
  65. {
  66. return Random_uint16(ctx->rand) < (65535 / chanceIsOneInWhat);
  67. }
  68. static void resetNode(struct Context* ctx, struct Node* node)
  69. {
  70. logNode0(ctx, node, "RESET");
  71. CryptoAuth_reset(node->session);
  72. }
  73. /**
  74. * Mutable bit is any bit for which the CryptoAuth does not promise to fail any packet
  75. * where that bit has been flipped on the wire.
  76. */
  77. #define HIGHEST_MUTIBLE_BIT 127
  78. static bool isMutableBit(int bitNum)
  79. {
  80. // difference between HELLO and REPEAT HELLO which are usually interchangable
  81. if (bitNum == 31) {
  82. return true;
  83. }
  84. // Bytes between authType and end of auth header are mutable
  85. if (bitNum >= 40 && bitNum <= HIGHEST_MUTIBLE_BIT) {
  86. return true;
  87. }
  88. // wtf why?
  89. if (bitNum == 568) {
  90. return true;
  91. }
  92. return false;
  93. }
  94. static void flipBit(struct Message* msg, uint32_t bitNum)
  95. {
  96. Assert_true(msg->length * 8 > (int)bitNum);
  97. msg->bytes[bitNum / 8] ^= 128 >> (bitNum % 8);
  98. }
  99. static void flipMutableBit(struct Context* ctx, struct Node* from, struct Message* msg)
  100. {
  101. uint32_t bitNum;
  102. do {
  103. bitNum = Random_uint8(ctx->rand) % (HIGHEST_MUTIBLE_BIT + 1);
  104. } while (!isMutableBit(bitNum));
  105. logNode(ctx, from, "FLIPPING MUTABLE BIT %u", bitNum);
  106. flipBit(msg, bitNum);
  107. }
  108. static void flipImmutableBit(struct Context* ctx, struct Node* from, struct Message* msg)
  109. {
  110. uint32_t bitNum;
  111. do {
  112. bitNum = Random_uint16(ctx->rand) % (msg->length * 8);
  113. } while (isMutableBit(bitNum));
  114. logNode(ctx, from, "FLIPPING IMMUTABLE BIT %u", bitNum);
  115. flipBit(msg, bitNum);
  116. }
  117. static int queuedMessageCount(struct Node* node)
  118. {
  119. int i = 0;
  120. for (struct DelayedMsg* dm = node->delayedMsgs; dm; dm = dm->next) {
  121. Assert_true(!dm->next || dm->next->sendAfter >= dm->sendAfter);
  122. i++;
  123. }
  124. return i;
  125. }
  126. static void duplicate(struct Context* ctx, struct Node* from, struct Message* msg)
  127. {
  128. if (queuedMessageCount(from) > 500) {
  129. logNode0(ctx, from, "OOM can't duplicate");
  130. return;
  131. }
  132. logNode0(ctx, from, "DUPLICATE");
  133. struct Allocator* alloc = Allocator_child(ctx->alloc);
  134. struct DelayedMsg* delayed = Allocator_calloc(alloc, sizeof(struct DelayedMsg), 1);
  135. delayed->msg = Message_clone(msg, alloc);
  136. delayed->next = from->delayedMsgs;
  137. from->delayedMsgs = delayed;
  138. delayed->alloc = alloc;
  139. }
  140. static void delay(struct Context* ctx, struct Node* from, struct Message* msg, int afterMsgs)
  141. {
  142. if (queuedMessageCount(from) > 500) {
  143. logNode0(ctx, from, "OOM can't delay (drop instead)");
  144. return;
  145. }
  146. logNode(ctx, from, "DELAY %d packets (ptr:%lx)", afterMsgs, (unsigned long)msg);
  147. struct Allocator* alloc = Allocator_child(ctx->alloc);
  148. struct DelayedMsg* delayed = Allocator_calloc(alloc, sizeof(struct DelayedMsg), 1);
  149. Allocator_adopt(alloc, msg->alloc);
  150. delayed->msg = msg;
  151. delayed->sendAfter = from->sendCounter + afterMsgs;
  152. delayed->alloc = alloc;
  153. struct DelayedMsg** dp = &from->delayedMsgs;
  154. while (*dp && (*dp)->sendAfter < delayed->sendAfter) {
  155. dp = &(*dp)->next;
  156. }
  157. delayed->next = *dp;
  158. *dp = delayed;
  159. }
  160. static void sendFrom(struct Context* ctx, struct Node* from, struct Message* msg)
  161. {
  162. struct Node* to = (from == &ctx->nodeA) ? &ctx->nodeB : &ctx->nodeA;
  163. logNode0(ctx, from, "SEND");
  164. // 1/20 chance the packet is dropped
  165. if (maybe(ctx, 20)) {
  166. logNode0(ctx, from, "DROP");
  167. return;
  168. }
  169. // 1/10 chance the packet has a bit flipped which the cryptoauth is not guaranteed to fail
  170. if (maybe(ctx, 8)) { flipMutableBit(ctx, from, msg); }
  171. // 1/10 chance the packet is duplicated
  172. if (maybe(ctx, 10)) { duplicate(ctx, from, msg); }
  173. // 1/8 chance the packet is delayed for something between 1 and 8 packets
  174. if (maybe(ctx, 8)) {
  175. delay(ctx, from, msg, (Random_uint8(ctx->rand) % 8) + 1);
  176. return;
  177. }
  178. // 1/30 chance the packet has a bit flipped in a validated already
  179. bool flippedImmutable = false;
  180. if (maybe(ctx, 20)) {
  181. flipImmutableBit(ctx, from, msg);
  182. flippedImmutable = true;
  183. }
  184. if (!CryptoAuth_decrypt(to->session, msg)) {
  185. Assert_true(!flippedImmutable);
  186. Assert_true(msg->length == 4 && !Bits_memcmp(msg->bytes, "hey", 4));
  187. if (to == &ctx->nodeB) {
  188. // 1/10 chance the node decides not to reply.
  189. if (maybe(ctx, 10)) {
  190. return;
  191. }
  192. Assert_true(!CryptoAuth_encrypt(to->session, msg));
  193. to->sendCounter++;
  194. sendFrom(ctx, to, msg);
  195. } else if (CryptoAuth_getState(ctx->nodeA.session) == CryptoAuth_State_ESTABLISHED &&
  196. CryptoAuth_getState(ctx->nodeB.session) == CryptoAuth_State_ESTABLISHED)
  197. {
  198. ctx->successMessageCount++;
  199. }
  200. }
  201. }
  202. static bool sendQueued(struct Context* ctx, struct Node* fromNode)
  203. {
  204. if (!fromNode->delayedMsgs || fromNode->delayedMsgs->sendAfter > fromNode->sendCounter) {
  205. return false;
  206. }
  207. struct DelayedMsg* dmsg = fromNode->delayedMsgs;
  208. fromNode->delayedMsgs = dmsg->next;
  209. logNode(ctx, fromNode, "SENDING QUEUED (ptr:%lx)", (long)dmsg->msg);
  210. sendFrom(ctx, fromNode, dmsg->msg);
  211. Allocator_free(dmsg->alloc);
  212. return true;
  213. }
  214. static void mainLoop(struct Context* ctx)
  215. {
  216. for (int i = 0; i < PACKETS; i++) {
  217. if (ctx->successMessageCount > SUCCESS_MESSAGES_REQUIRED) { return; }
  218. if (maybe(ctx, 800)) {
  219. resetNode(ctx, &ctx->nodeA);
  220. } else if (maybe(ctx, 200)) {
  221. resetNode(ctx, &ctx->nodeB);
  222. }
  223. // Try to interleave if there are multiple to send on each side.
  224. while (sendQueued(ctx, maybe(ctx, 2) ? &ctx->nodeA : &ctx->nodeB)) ;
  225. while (sendQueued(ctx, &ctx->nodeA)) ;
  226. while (sendQueued(ctx, &ctx->nodeB)) ;
  227. struct Allocator* alloc = Allocator_child(ctx->alloc);
  228. struct Message* msg = Message_new(0, 512, alloc);
  229. Message_push(msg, "hey", 4, NULL);
  230. Assert_true(!CryptoAuth_encrypt(ctx->nodeA.session, msg));
  231. sendFrom(ctx, &ctx->nodeA, msg);
  232. Allocator_free(alloc);
  233. }
  234. Assert_failure("Nodes could not sync");
  235. }
  236. void* CJDNS_FUZZ_INIT(struct Allocator* alloc, struct Random* rand, struct EventBase* base)
  237. {
  238. struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
  239. Identity_set(ctx);
  240. ctx->alloc = alloc;
  241. ctx->nodeA.ca = CryptoAuth_new(alloc, NULL, base, NULL, rand);
  242. ctx->nodeB.ca = CryptoAuth_new(alloc, NULL, base, NULL, rand);
  243. ctx->nodeA.session = CryptoAuth_newSession(
  244. ctx->nodeA.ca, alloc, ctx->nodeB.ca->publicKey, false, "nodeA");
  245. ctx->nodeB.session = CryptoAuth_newSession(
  246. ctx->nodeB.ca, alloc, ctx->nodeA.ca->publicKey, false, "nodeB");
  247. return ctx;
  248. }
  249. void CJDNS_FUZZ_MAIN(void* vctx, struct Message* fuzz)
  250. {
  251. struct Context* ctx = Identity_check((struct Context*) vctx);
  252. // This is not ideal, but this test was already written before AFL.
  253. struct RandomSeed* rs = DeterminentRandomSeed_new(ctx->alloc, fuzz->bytes);
  254. ctx->rand = Random_newWithSeed(ctx->alloc, NULL, rs, NULL);
  255. if (maybe(ctx, 2)) {
  256. CryptoAuth_addUser_ipv6(String_CONST("pass"), String_CONST("user"), NULL, ctx->nodeB.ca);
  257. } else {
  258. uint8_t nodeAAddress[16];
  259. AddressCalc_addressForPublicKey(nodeAAddress, ctx->nodeA.ca->publicKey);
  260. CryptoAuth_addUser_ipv6(String_CONST("pass"),
  261. String_CONST("user"),
  262. nodeAAddress,
  263. ctx->nodeB.ca);
  264. }
  265. if (maybe(ctx, 3)) {
  266. // 33% chance of no authentication
  267. CryptoAuth_removeUsers(ctx->nodeB.ca, String_CONST("user"));
  268. } else if (maybe(ctx, 2)) {
  269. // 33% chance of authType 2
  270. CryptoAuth_setAuth(String_CONST("pass"), String_CONST("user"), ctx->nodeA.session);
  271. } else {
  272. // 33% chance of authType 1
  273. CryptoAuth_setAuth(String_CONST("pass"), NULL, ctx->nodeA.session);
  274. }
  275. mainLoop(ctx);
  276. }