CACKey
Check-in [75b2699549]
Login
HomeDownloadsSource CodeWiki
Overview
Comment:Better cleanup now that we exclude some bytes in debug printing buffer
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 75b2699549365144e4d512815d79478b6a1bb2e0
User & Date: rkeene on 2015-07-24 15:11:35
Other Links: manifest | tags
Context
2015-07-27
15:41
Simplified test code for AFL and added it to the Makefile check-in: 79322b800c user: rkeene tags: trunk
2015-07-24
15:11
Better cleanup now that we exclude some bytes in debug printing buffer check-in: 75b2699549 user: rkeene tags: trunk
15:10
Fixed issue with NULL tags found with AFL fuzzing check-in: 74d7607e3c user: rkeene tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified cackey.c from [a17e1982da] to [486977c92e]. 

220
221
222
223
224
225
226

227
228
229
230
231
232
233

220
221
222
223
224
225
226
227
228
229
230
231
232
233
234








+








	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
	unsigned long buf_user_size; \
	unsigned char *TMPBUF; \
	unsigned long idx; \
	int snprintf_ret; \
	TMPBUF = (unsigned char *) (x); \
	buf_user[0] = 0; \
	buf_user[2] = 0; \
	buf_user_p = buf_user; \
	buf_user_size = sizeof(buf_user); \
	for (idx = 0; idx < (y); idx++) { \
		if (buf_user_size <= 0) { \
			break; \
		}; \
		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \

Modified test.c from [eb71775c47] to [7dfc56607f]. 

640
641
642
643
644
645
646



647
648
649






650

651
652

653
654
655
656
657
658
659

640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670








+
+
+



+
+
+
+
+
+

+


+








	argv = argv;
}
#else /* CACKEY_TEST_AFL */
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>

static unsigned char *inputData;
static unsigned long inputDataLen;

/* Include the CACKey source */
#include "cackey.c"

#undef CACKEY_DEBUG_PRINTF
#define CACKEY_DEBUG_PRINTF(x...) /**/
#undef malloc
#undef realloc
#undef strdup

/* Fake a smartcard */
const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci;
static int scard_inTransaction = 0;
static LONG scard_protocol;


PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) {
	CACKEY_DEBUG_PRINTF("Called");

	*phContext = 42;

	return(SCARD_S_SUCCESS);

784
785
786
787
788
789
790

791
792
793
794
795


796
797





798











799






800
801
802
803
804
805
806

795
796
797
798
799
800
801
802
803
804
805
806
807
808
809


810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826

827
828
829
830
831
832
833
834
835
836
837
838
839








+





+
+
-
-
+
+
+
+
+

+
+
+
+
+
+
+
+
+
+
+
-
+
+
+
+
+
+








	}

	return(SCARD_S_SUCCESS);
}

PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) {
	CACKEY_DEBUG_PRINTF("Called");
	unsigned int bytesToRead;

	if (hCard != 99) {
		return(SCARD_E_INVALID_HANDLE);
	}

	if (inputDataLen <= 1) {
		*pcbRecvLength = 0;
	pbRecvBuffer[0] = 0x90;
	pbRecvBuffer[1] = 0x00;

		return(SCARD_S_SUCCESS);
	}

	bytesToRead = (inputData[0] << 8) | inputData[1];

	inputData    += 2;
	inputDataLen -= 2;

	if (bytesToRead > inputDataLen) {
		bytesToRead = inputDataLen;
	}

	if (bytesToRead > *pcbRecvLength) {
		return(SCARD_E_INSUFFICIENT_BUFFER);
	}

	*pcbRecvLength = 2;
	*pcbRecvLength = bytesToRead;

	memcpy(pbRecvBuffer, inputData, bytesToRead);

	inputData += bytesToRead;
	inputDataLen -= bytesToRead;

	return(SCARD_S_SUCCESS);
}

/* American Fuzzy Lop testing program */
int main(int argc, char **argv) {
	CK_FUNCTION_LIST_PTR pFunctionList;

856
857
858
859
860
861
862
863

864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879



880

881
882
883
884
885


886
887
888
889
890
891
892

889
890
891
892
893
894
895

896

897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914

915
916
917
918
919

920
921
922
923
924
925
926
927
928








-
+
-















+
+
+
-
+




-
+
+








	CK_ULONG byte_idx;
	CK_OBJECT_CLASS objectClass;
	CK_BYTE signature[1024];
	CK_ULONG signature_len;
	CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0};
	CK_RV chk_rv;
	ssize_t read_ret;
	char data[8192], *fileName = NULL;
	char *fileName = NULL;
	unsigned long data_len;
	int fd;
	int i;
	int initialized = 0;
	int retval = 1;

	fileName = argv[1];
	if (fileName == NULL) {
		goto cleanup;
	}

	fd = open(fileName, O_RDONLY);
	if (fd < 0) {
		goto cleanup;
	}

	inputDataLen = 16384;
	inputData = malloc(inputDataLen);

	read_ret = read(fd, data, sizeof(data));
	read_ret = read(fd, inputData, inputDataLen);
	if (read_ret < 0) {
		goto cleanup;
	}

	data_len = read_ret;
	inputDataLen = read_ret;
	inputData = realloc(inputData, inputDataLen);

	close(fd);

	chk_rv = C_GetFunctionList(&pFunctionList);
	if (chk_rv != CKR_OK) {
		printf("C_GetFunctionList() failed.");


1061
1062
1063
1064
1065
1066
1067
1068

1069
1070
1071
1072
1073
1074
1075

1097
1098
1099
1100
1101
1102
1103

1104
1105
1106
1107
1108
1109
1110
1111








-
+








	}

	for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) {
		chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey);
		if (chk_rv == CKR_OK) {
			signature_len = sizeof(signature);

			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) data, data_len, (CK_BYTE_PTR) &signature, &signature_len);
			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len);
			if (chk_rv == CKR_OK) {
				printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism);

				for (byte_idx = 0; byte_idx < signature_len; byte_idx++) {
					printf("%02x ", (unsigned int) signature[byte_idx]);
				}

Powered by Fossil · RSS