diff options
Diffstat (limited to 'components/webcrypto')
-rw-r--r-- | components/webcrypto/BUILD.gn | 74 | ||||
-rw-r--r-- | components/webcrypto/ec_import_key_pkcs8_fuzzer.cc | 15 | ||||
-rw-r--r-- | components/webcrypto/ec_import_key_spki_fuzzer.cc | 15 | ||||
-rw-r--r-- | components/webcrypto/fuzzer_support.cc | 131 | ||||
-rw-r--r-- | components/webcrypto/fuzzer_support.h | 25 | ||||
-rw-r--r-- | components/webcrypto/rsa_import_key_pkcs8_fuzzer.cc | 15 | ||||
-rw-r--r-- | components/webcrypto/rsa_import_key_spki_fuzzer.cc | 15 |
7 files changed, 290 insertions, 0 deletions
diff --git a/components/webcrypto/BUILD.gn b/components/webcrypto/BUILD.gn index 94a251d..0db4ccc 100644 --- a/components/webcrypto/BUILD.gn +++ b/components/webcrypto/BUILD.gn @@ -3,6 +3,7 @@ # found in the LICENSE file. import("//testing/test.gni") +import("//testing/libfuzzer/fuzzer_test.gni") source_set("webcrypto") { sources = [ @@ -93,3 +94,76 @@ source_set("unit_tests") { "//third_party/re2", ] } + +# Shared functionality for writing WebCrypto fuzzers at this layer (several +# things need to be done to initialize Blink and pull in the right +# dependencies). +source_set("fuzzer_support") { + testonly = true + + sources = [ + "fuzzer_support.cc", + "fuzzer_support.h", + ] + deps = [ + ":webcrypto", + "//crypto", + "//crypto:platform", + + # The "blink_for_unittests" includes a dependency on Mojo, which otherwise + # public:blink lacks and would result in a linker error. + "//third_party/WebKit/public:blink_for_unittests", + + # This contains a helper function for initializing Blink (needed for + # PartitionAlloc initialization). + "//components/test_runner:test_runner", + ] +} + +# Tests the import of PKCS8 formatted EC keys. +fuzzer_test("ec_import_key_pkcs8_fuzzer") { + sources = [ + "ec_import_key_pkcs8_fuzzer.cc", + ] + deps = [ + ":fuzzer_support", + ":webcrypto", + "//third_party/WebKit/public:blink_headers", + ] +} + +# Tests the import of SPKI formatted EC keys. +fuzzer_test("ec_import_key_spki_fuzzer") { + sources = [ + "ec_import_key_spki_fuzzer.cc", + ] + deps = [ + ":fuzzer_support", + ":webcrypto", + "//third_party/WebKit/public:blink_headers", + ] +} + +# Tests the import of PKCS8 formatted RSA keys. +fuzzer_test("rsa_import_key_pkcs8_fuzzer") { + sources = [ + "rsa_import_key_pkcs8_fuzzer.cc", + ] + deps = [ + ":fuzzer_support", + ":webcrypto", + "//third_party/WebKit/public:blink_headers", + ] +} + +# Tests the import of SPKI formatted RSA keys. +fuzzer_test("rsa_import_key_spki_fuzzer") { + sources = [ + "rsa_import_key_pkcs8_fuzzer.cc", + ] + deps = [ + ":fuzzer_support", + ":webcrypto", + "//third_party/WebKit/public:blink_headers", + ] +} diff --git a/components/webcrypto/ec_import_key_pkcs8_fuzzer.cc b/components/webcrypto/ec_import_key_pkcs8_fuzzer.cc new file mode 100644 index 0000000..154004c --- /dev/null +++ b/components/webcrypto/ec_import_key_pkcs8_fuzzer.cc @@ -0,0 +1,15 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "components/webcrypto/fuzzer_support.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + webcrypto::ImportEcKeyFromDerFuzzData(data, size, + blink::WebCryptoKeyFormatPkcs8); + return 0; +} diff --git a/components/webcrypto/ec_import_key_spki_fuzzer.cc b/components/webcrypto/ec_import_key_spki_fuzzer.cc new file mode 100644 index 0000000..7f16cfc --- /dev/null +++ b/components/webcrypto/ec_import_key_spki_fuzzer.cc @@ -0,0 +1,15 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "components/webcrypto/fuzzer_support.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + webcrypto::ImportEcKeyFromDerFuzzData(data, size, + blink::WebCryptoKeyFormatSpki); + return 0; +} diff --git a/components/webcrypto/fuzzer_support.cc b/components/webcrypto/fuzzer_support.cc new file mode 100644 index 0000000..f44f8bc --- /dev/null +++ b/components/webcrypto/fuzzer_support.cc @@ -0,0 +1,131 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "components/webcrypto/fuzzer_support.h" + +#include "base/command_line.h" +#include "base/lazy_instance.h" +#include "components/test_runner/test_common.h" +#include "components/webcrypto/algorithm_dispatch.h" +#include "components/webcrypto/crypto_data.h" +#include "components/webcrypto/status.h" +#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" + +namespace webcrypto { + +namespace { + +// This mock is used to initialize blink. +class InitOnce { + public: + InitOnce() { + // EnsureBlinkInitialized() depends on the command line singleton being + // initialized. + base::CommandLine::Init(0, nullptr); + test_runner::EnsureBlinkInitialized(); + } +}; + +base::LazyInstance<InitOnce>::Leaky g_once = LAZY_INSTANCE_INITIALIZER; + +void EnsureInitialized() { + g_once.Get(); +} + +blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( + blink::WebCryptoAlgorithmId id, + blink::WebCryptoAlgorithmId hash_id) { + DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); + return blink::WebCryptoAlgorithm::adoptParamsAndCreate( + id, + new blink::WebCryptoRsaHashedImportParams( + blink::WebCryptoAlgorithm::adoptParamsAndCreate(hash_id, nullptr))); +} + +blink::WebCryptoAlgorithm CreateEcImportAlgorithm( + blink::WebCryptoAlgorithmId id, + blink::WebCryptoNamedCurve named_curve) { + return blink::WebCryptoAlgorithm::adoptParamsAndCreate( + id, new blink::WebCryptoEcKeyImportParams(named_curve)); +} + +} // namespace + +blink::WebCryptoKeyUsageMask GetCompatibleKeyUsages( + blink::WebCryptoKeyFormat format) { + // SPKI format implies import of a public key, whereas PKCS8 implies import + // of a private key. Pick usages that are compatible with a signature + // algorithm. + return format == blink::WebCryptoKeyFormatSpki + ? blink::WebCryptoKeyUsageVerify + : blink::WebCryptoKeyUsageSign; +} + +void ImportEcKeyFromDerFuzzData(const uint8_t* data, + size_t size, + blink::WebCryptoKeyFormat format) { + DCHECK(format == blink::WebCryptoKeyFormatSpki || + format == blink::WebCryptoKeyFormatPkcs8); + EnsureInitialized(); + + // There are 3 possible EC named curves. Fix this parameter. It shouldn't + // matter based on the current implementation for PKCS8 or SPKI. But it + // will have an impact when parsing JWK format. + blink::WebCryptoNamedCurve curve = blink::WebCryptoNamedCurveP384; + + // Always use ECDSA as the algorithm. Shouldn't make much difference for + // non-JWK formats. + blink::WebCryptoAlgorithmId algorithm_id = blink::WebCryptoAlgorithmIdEcdsa; + + // Use key usages that are compatible with the chosen algorithm and key type. + blink::WebCryptoKeyUsageMask usages = GetCompatibleKeyUsages(format); + + blink::WebCryptoKey key; + webcrypto::Status status = webcrypto::ImportKey( + format, webcrypto::CryptoData(data, size), + CreateEcImportAlgorithm(algorithm_id, curve), true, usages, &key); + + // These errors imply a bad setup of parameters, and means ImportKey() may not + // be testing the actual parsing. + DCHECK_NE(status.error_details(), + Status::ErrorUnsupportedImportKeyFormat().error_details()); + DCHECK_NE(status.error_details(), + Status::ErrorCreateKeyBadUsages().error_details()); +} + +void ImportRsaKeyFromDerFuzzData(const uint8_t* data, + size_t size, + blink::WebCryptoKeyFormat format) { + DCHECK(format == blink::WebCryptoKeyFormatSpki || + format == blink::WebCryptoKeyFormatPkcs8); + EnsureInitialized(); + + // There are several possible hash functions. Fix this parameter. It shouldn't + // matter based on the current implementation for PKCS8 or SPKI. But it + // will have an impact when parsing JWK format. + blink::WebCryptoAlgorithmId hash_id = blink::WebCryptoAlgorithmIdSha256; + + // Always use RSA-SSA PKCS#1 as the algorithm. Shouldn't make much difference + // for non-JWK formats. + blink::WebCryptoAlgorithmId algorithm_id = + blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; + + // Use key usages that are compatible with the chosen algorithm and key type. + blink::WebCryptoKeyUsageMask usages = GetCompatibleKeyUsages(format); + + blink::WebCryptoKey key; + webcrypto::Status status = webcrypto::ImportKey( + format, webcrypto::CryptoData(data, size), + CreateRsaHashedImportAlgorithm(algorithm_id, hash_id), true, usages, + &key); + + // These errors imply a bad setup of parameters, and means ImportKey() may not + // be testing the actual parsing. + DCHECK_NE(status.error_details(), + Status::ErrorUnsupportedImportKeyFormat().error_details()); + DCHECK_NE(status.error_details(), + Status::ErrorCreateKeyBadUsages().error_details()); +} + +} // namespace webcrypto diff --git a/components/webcrypto/fuzzer_support.h b/components/webcrypto/fuzzer_support.h new file mode 100644 index 0000000..43cde78 --- /dev/null +++ b/components/webcrypto/fuzzer_support.h @@ -0,0 +1,25 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef COMPONENTS_WEBCRYPTO_FUZZER_SUPPORT_H_ +#define COMPONENTS_WEBCRYPTO_FUZZER_SUPPORT_H_ + +#include <stddef.h> +#include <stdint.h> + +#include "third_party/WebKit/public/platform/WebCryptoKey.h" + +namespace webcrypto { + +void ImportEcKeyFromDerFuzzData(const uint8_t* data, + size_t size, + blink::WebCryptoKeyFormat format); + +void ImportRsaKeyFromDerFuzzData(const uint8_t* data, + size_t size, + blink::WebCryptoKeyFormat format); + +} // namespace webcrypto + +#endif // COMPONENTS_WEBCRYPTO_FUZZER_SUPPORT_H_ diff --git a/components/webcrypto/rsa_import_key_pkcs8_fuzzer.cc b/components/webcrypto/rsa_import_key_pkcs8_fuzzer.cc new file mode 100644 index 0000000..1840122 --- /dev/null +++ b/components/webcrypto/rsa_import_key_pkcs8_fuzzer.cc @@ -0,0 +1,15 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "components/webcrypto/fuzzer_support.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + webcrypto::ImportRsaKeyFromDerFuzzData(data, size, + blink::WebCryptoKeyFormatPkcs8); + return 0; +} diff --git a/components/webcrypto/rsa_import_key_spki_fuzzer.cc b/components/webcrypto/rsa_import_key_spki_fuzzer.cc new file mode 100644 index 0000000..e91b140 --- /dev/null +++ b/components/webcrypto/rsa_import_key_spki_fuzzer.cc @@ -0,0 +1,15 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "components/webcrypto/fuzzer_support.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + webcrypto::ImportRsaKeyFromDerFuzzData(data, size, + blink::WebCryptoKeyFormatSpki); + return 0; +} |