[tor-commits] [tor/release-0.3.2] In the hsdescv3 fuzzer, replace the decryption function.

nickm at torproject.org nickm at torproject.org
Tue Oct 31 18:04:39 UTC 2017


commit 26e0909e516a91281c2ad1fcac23405f3cc1ee11
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Oct 27 14:28:02 2017 -0400

    In the hsdescv3 fuzzer, replace the decryption function.
    
    The new decryption function performs no decryption, skips the salt,
    and doesn't check the mac.  This allows us to fuzz the
    hs_descriptor.c code using unencrypted descriptor test, and exercise
    more of the code.
    
    Related to 21509.
---
 changes/hsdescv3_fuzz_more    |  3 +++
 src/or/hs_descriptor.c        | 12 ++++++------
 src/or/hs_descriptor.h        |  7 +++++++
 src/test/fuzz/fuzz_hsdescv3.c | 19 +++++++++++++++++++
 4 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/changes/hsdescv3_fuzz_more b/changes/hsdescv3_fuzz_more
new file mode 100644
index 000000000..25626bb9a
--- /dev/null
+++ b/changes/hsdescv3_fuzz_more
@@ -0,0 +1,3 @@
+  o Minor features (testing):
+    - Our fuzzing tests now test the encrypted portions of the
+      v3 hidden service descriptors.  Implements more of 21509.
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 4bc54bdb2..a8ff3471c 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1303,12 +1303,12 @@ encrypted_data_length_is_valid(size_t len)
  *  generate the right decryption keys; set <b>decrypted_out</b> to the
  *  plaintext. If <b>is_superencrypted_layer</b> is set, this is the outter
  *  encrypted layer of the descriptor. */
-static size_t
-decrypt_desc_layer(const hs_descriptor_t *desc,
-                   const uint8_t *encrypted_blob,
-                   size_t encrypted_blob_size,
-                   int is_superencrypted_layer,
-                   char **decrypted_out)
+MOCK_IMPL(STATIC size_t,
+decrypt_desc_layer,(const hs_descriptor_t *desc,
+                    const uint8_t *encrypted_blob,
+                    size_t encrypted_blob_size,
+                    int is_superencrypted_layer,
+                    char **decrypted_out))
 {
   uint8_t *decrypted = NULL;
   uint8_t secret_key[HS_DESC_ENCRYPTED_KEY_LEN], secret_iv[CIPHER_IV_LEN];
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index 971e85664..7730ce09f 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -261,6 +261,13 @@ STATIC size_t decode_superencrypted(const char *message, size_t message_len,
                                    uint8_t **encrypted_out);
 STATIC void desc_plaintext_data_free_contents(hs_desc_plaintext_data_t *desc);
 
+MOCK_DECL(STATIC size_t, decrypt_desc_layer,(const hs_descriptor_t *desc,
+                                             const uint8_t *encrypted_blob,
+                                             size_t encrypted_blob_size,
+                                             int is_superencrypted_layer,
+                                             char **decrypted_out));
+
+
 #endif /* defined(HS_DESCRIPTOR_PRIVATE) */
 
 #endif /* !defined(TOR_HS_DESCRIPTOR_H) */
diff --git a/src/test/fuzz/fuzz_hsdescv3.c b/src/test/fuzz/fuzz_hsdescv3.c
index 03c509e2e..30e82c925 100644
--- a/src/test/fuzz/fuzz_hsdescv3.c
+++ b/src/test/fuzz/fuzz_hsdescv3.c
@@ -35,12 +35,31 @@ mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
   return 0;
 }
 
+static size_t
+mock_decrypt_desc_layer(const hs_descriptor_t *desc,
+                        const uint8_t *encrypted_blob,
+                        size_t encrypted_blob_size,
+                        int is_superencrypted_layer,
+                        char **decrypted_out)
+{
+  (void)is_superencrypted_layer;
+  (void)desc;
+  const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
+  if (encrypted_blob_size < overhead)
+    return 0;
+  *decrypted_out = tor_memdup_nulterm(
+                   encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
+                   encrypted_blob_size - overhead);
+  return strlen(*decrypted_out);
+}
+
 int
 fuzz_init(void)
 {
   disable_signature_checking();
   MOCK(dump_desc, mock_dump_desc__nodump);
   MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
+  MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
   ed25519_init();
   return 0;
 }





More information about the tor-commits mailing list