Check-in [75b2699549]
Overview
Comment:Better cleanup now that we exclude some bytes in debug printing buffer
SHA1: 75b2699549365144e4d512815d79478b6a1bb2e0
User & Date: rkeene on 2015-07-24 15:11:35
Context
2015-07-27
15:41
Simplified test code for AFL and added it to the Makefile check-in: 79322b800c user: rkeene tags: trunk
2015-07-24
15:11
Better cleanup now that we exclude some bytes in debug printing buffer check-in: 75b2699549 user: rkeene tags: trunk
15:10
Fixed issue with NULL tags found with AFL fuzzing check-in: 74d7607e3c user: rkeene tags: trunk
Changes

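--- a/cackey.c
+++ b/cackey.c
@@ -220,14 +220,15 @@
 	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
 	unsigned long buf_user_size; \
 	unsigned char *TMPBUF; \
 	unsigned long idx; \
 	int snprintf_ret; \
 	TMPBUF = (unsigned char *) (x); \
 	buf_user[0] = 0; \
+	buf_user[2] = 0; \
 	buf_user_p = buf_user; \
 	buf_user_size = sizeof(buf_user); \
 	for (idx = 0; idx < (y); idx++) { \
 		if (buf_user_size <= 0) { \
 			break; \
 		}; \
 		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \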
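Review bot: The added `buf_user[2] = 0;` uses a bare index, and nothing visible in this hunk explains why offset 2 needs its own terminator. Presumably the print pointer later skips the two-character `", "` separator that the first `snprintf` writes, so with a zero-length input (`y == 0`) the static buffer would otherwise still hold bytes from the previous call at that offset. If that is the intent, a comment such as `/* buf_user_print starts after the leading ", " (2 bytes); terminate there as well so an empty input prints nothing stale */` would let a reader check the index against the separator length. The macro body starts and ends outside the hunk, so the `buf_user_print` assignment should be confirmed against the full definition.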

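--- a/test.c
+++ b/test.c
@@ -640,20 +640,31 @@
 	argv = argv;
 }
 #else /* CACKEY_TEST_AFL */
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <fcntl.h>
 
+static unsigned char *inputData;
+static unsigned long inputDataLen;
+
 /* Include the CACKey source */
 #include "cackey.c"
 
+#undef CACKEY_DEBUG_PRINTF
+#define CACKEY_DEBUG_PRINTF(x...) /**/
+#undef malloc
+#undef realloc
+#undef strdup
+
 /* Fake a smartcard */
+const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci;
 static int scard_inTransaction = 0;
 static LONG scard_protocol;
+
 
 PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) {
 	CACKEY_DEBUG_PRINTF("Called");
 
 	*phContext = 42;
 
 	return(SCARD_S_SUCCESS);
@@ -784,23 +795,45 @@
 	}
 
 	return(SCARD_S_SUCCESS);
 }
 
 PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) {
 	CACKEY_DEBUG_PRINTF("Called");
+	unsigned int bytesToRead;
 
 	if (hCard != 99) {
 		return(SCARD_E_INVALID_HANDLE);
 	}
 
+	if (inputDataLen <= 1) {
+		*pcbRecvLength = 0;
-	pbRecvBuffer[0] = 0x90;
+
+		return(SCARD_S_SUCCESS);
+	}
-	pbRecvBuffer[1] = 0x00;
+
+	bytesToRead = (inputData[0] << 8) | inputData[1];
 
+	inputData    += 2;
+	inputDataLen -= 2;
+
+	if (bytesToRead > inputDataLen) {
+		bytesToRead = inputDataLen;
+	}
+
+	if (bytesToRead > *pcbRecvLength) {
+		return(SCARD_E_INSUFFICIENT_BUFFER);
+	}
+
-	*pcbRecvLength = 2;
+	*pcbRecvLength = bytesToRead;
+
+	memcpy(pbRecvBuffer, inputData, bytesToRead);
+
+	inputData += bytesToRead;
+	inputDataLen -= bytesToRead;
 
 	return(SCARD_S_SUCCESS);
 }
 
 /* American Fuzzy Lop testing program */
 int main(int argc, char **argv) {
 	CK_FUNCTION_LIST_PTR pFunctionList;
@@ -856,37 +889,40 @@
 	CK_ULONG byte_idx;
 	CK_OBJECT_CLASS objectClass;
 	CK_BYTE signature[1024];
 	CK_ULONG signature_len;
 	CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0};
 	CK_RV chk_rv;
 	ssize_t read_ret;
-	char data[8192], *fileName = NULL;
-	unsigned long data_len;
+	char *fileName = NULL;
 	int fd;
 	int i;
 	int initialized = 0;
 	int retval = 1;
 
 	fileName = argv[1];
 	if (fileName == NULL) {
 		goto cleanup;
 	}
 
 	fd = open(fileName, O_RDONLY);
 	if (fd < 0) {
 		goto cleanup;
 	}
 
+	inputDataLen = 16384;
+	inputData = malloc(inputDataLen);
+
-	read_ret = read(fd, data, sizeof(data));
+	read_ret = read(fd, inputData, inputDataLen);
 	if (read_ret < 0) {
 		goto cleanup;
 	}
 
-	data_len = read_ret;
+	inputDataLen = read_ret;
+	inputData = realloc(inputData, inputDataLen);
 
 	close(fd);
 
 	chk_rv = C_GetFunctionList(&pFunctionList);
 	if (chk_rv != CKR_OK) {
 		printf("C_GetFunctionList() failed.");
 
@@ -1061,15 +1097,15 @@
 	}
 
 	for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) {
 		chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey);
 		if (chk_rv == CKR_OK) {
 			signature_len = sizeof(signature);
 
-			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) data, data_len, (CK_BYTE_PTR) &signature, &signature_len);
+			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len);
 			if (chk_rv == CKR_OK) {
 				printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism);
 
 				for (byte_idx = 0; byte_idx < signature_len; byte_idx++) {
 					printf("%02x ", (unsigned int) signature[byte_idx]);
 				}
 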
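Review bot: In `main` (the hunk starting at new line 889), the results of `malloc(inputDataLen)` and `realloc(inputData, inputDataLen)` are stored unchecked, and an empty input file makes the `realloc` size 0, where the returned pointer is implementation-defined. `SCardTransmit` guards only on `inputDataLen`, so a failed `realloc` on a non-empty input would leave `inputData` NULL and crash inside the harness, which a fuzzer would presumably record as a finding in the code under test. The `read_ret < 0` path also jumps to `cleanup` with `fd` still open, unless `cleanup` (outside the hunk) closes it. The sketch below checks the allocation, moves `close(fd)` to directly after the read, and keeps the original block when the shrink fails or the input is empty. `main` starts in the previous hunk and continues past this one.

```c
	inputDataLen = 16384;
	inputData = malloc(inputDataLen);
	if (inputData == NULL) {
		close(fd);
		goto cleanup;
	}

	read_ret = read(fd, inputData, inputDataLen);
	close(fd);
	if (read_ret < 0) {
		goto cleanup;
	}

	inputDataLen = read_ret;
	if (inputDataLen > 0) {
		/* Shrink to the exact input size so over-reads hit the allocation edge;
		 * keep the original block if realloc fails */
		void *shrunk = realloc(inputData, inputDataLen);
		if (shrunk != NULL) {
			inputData = shrunk;
		}
	}
	/* … unchanged: C_GetFunctionList() call and the rest of main … */
```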