Diff

Differences From Artifact [eb71775c47]:

To Artifact [7dfc56607f]:


   640    640   	argv = argv;
   641    641   }
   642    642   #else /* CACKEY_TEST_AFL */
   643    643   #include <sys/stat.h>
   644    644   #include <sys/types.h>
   645    645   #include <fcntl.h>
   646    646   
          647  +static unsigned char *inputData;
          648  +static unsigned long inputDataLen;
          649  +
   647    650   /* Include the CACKey source */
   648    651   #include "cackey.c"
          652  +
          653  +#undef CACKEY_DEBUG_PRINTF
          654  +#define CACKEY_DEBUG_PRINTF(x...) /**/
          655  +#undef malloc
          656  +#undef realloc
          657  +#undef strdup
   649    658   
   650    659   /* Fake a smartcard */
          660  +const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci;
   651    661   static int scard_inTransaction = 0;
   652    662   static LONG scard_protocol;
          663  +
   653    664   
   654    665   PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) {
   655    666   	CACKEY_DEBUG_PRINTF("Called");
   656    667   
   657    668   	*phContext = 42;
   658    669   
   659    670   	return(SCARD_S_SUCCESS);
................................................................................
   784    795   	}
   785    796   
   786    797   	return(SCARD_S_SUCCESS);
   787    798   }
   788    799   
   789    800   PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) {
   790    801   	CACKEY_DEBUG_PRINTF("Called");
          802  +	unsigned int bytesToRead;
   791    803   
   792    804   	if (hCard != 99) {
   793    805   		return(SCARD_E_INVALID_HANDLE);
   794    806   	}
   795    807   
   796         -	pbRecvBuffer[0] = 0x90;
   797         -	pbRecvBuffer[1] = 0x00;
          808  +	if (inputDataLen <= 1) {
          809  +		*pcbRecvLength = 0;
   798    810   
   799         -	*pcbRecvLength = 2;
          811  +		return(SCARD_S_SUCCESS);
          812  +	}
          813  +
          814  +	bytesToRead = (inputData[0] << 8) | inputData[1];
          815  +
          816  +	inputData    += 2;
          817  +	inputDataLen -= 2;
          818  +
          819  +	if (bytesToRead > inputDataLen) {
          820  +		bytesToRead = inputDataLen;
          821  +	}
          822  +
          823  +	if (bytesToRead > *pcbRecvLength) {
          824  +		return(SCARD_E_INSUFFICIENT_BUFFER);
          825  +	}
          826  +
          827  +	*pcbRecvLength = bytesToRead;
          828  +
          829  +	memcpy(pbRecvBuffer, inputData, bytesToRead);
          830  +
          831  +	inputData += bytesToRead;
          832  +	inputDataLen -= bytesToRead;
   800    833   
   801    834   	return(SCARD_S_SUCCESS);
   802    835   }
   803    836   
   804    837   /* American Fuzzy Lop testing program */
   805    838   int main(int argc, char **argv) {
   806    839   	CK_FUNCTION_LIST_PTR pFunctionList;
................................................................................
   856    889   	CK_ULONG byte_idx;
   857    890   	CK_OBJECT_CLASS objectClass;
   858    891   	CK_BYTE signature[1024];
   859    892   	CK_ULONG signature_len;
   860    893   	CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0};
   861    894   	CK_RV chk_rv;
   862    895   	ssize_t read_ret;
   863         -	char data[8192], *fileName = NULL;
   864         -	unsigned long data_len;
          896  +	char *fileName = NULL;
   865    897   	int fd;
   866    898   	int i;
   867    899   	int initialized = 0;
   868    900   	int retval = 1;
   869    901   
   870    902   	fileName = argv[1];
   871    903   	if (fileName == NULL) {
................................................................................
   873    905   	}
   874    906   
   875    907   	fd = open(fileName, O_RDONLY);
   876    908   	if (fd < 0) {
   877    909   		goto cleanup;
   878    910   	}
   879    911   
   880         -	read_ret = read(fd, data, sizeof(data));
          912  +	inputDataLen = 16384;
          913  +	inputData = malloc(inputDataLen);
          914  +
          915  +	read_ret = read(fd, inputData, inputDataLen);
   881    916   	if (read_ret < 0) {
   882    917   		goto cleanup;
   883    918   	}
   884    919   
   885         -	data_len = read_ret;
          920  +	inputDataLen = read_ret;
          921  +	inputData = realloc(inputData, inputDataLen);
   886    922   
   887    923   	close(fd);
   888    924   
   889    925   	chk_rv = C_GetFunctionList(&pFunctionList);
   890    926   	if (chk_rv != CKR_OK) {
   891    927   		printf("C_GetFunctionList() failed.");
   892    928   
................................................................................
  1061   1097   	}
  1062   1098   
  1063   1099   	for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) {
  1064   1100   		chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey);
  1065   1101   		if (chk_rv == CKR_OK) {
  1066   1102   			signature_len = sizeof(signature);
  1067   1103   
  1068         -			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) data, data_len, (CK_BYTE_PTR) &signature, &signature_len);
         1104  +			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len);
  1069   1105   			if (chk_rv == CKR_OK) {
  1070   1106   				printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism);
  1071   1107   
  1072   1108   				for (byte_idx = 0; byte_idx < signature_len; byte_idx++) {
  1073   1109   					printf("%02x ", (unsigned int) signature[byte_idx]);
  1074   1110   				}
  1075   1111
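Review bot: The results of `inputData = malloc(inputDataLen);` and `inputData = realloc(inputData, inputDataLen);` in main() are used unchecked, so a failed realloc leaves `inputData` NULL while `inputDataLen` still holds the read size, and the first SCardTransmit() call then dereferences it; AFL would record that harness crash as if it were a CACKey fault. I would add `if (inputData == NULL) goto cleanup;` after the malloc and drop the shrinking realloc altogether (or keep the old pointer when it fails); for an empty file it is called with size 0, whose result is implementation-defined. SCardTransmit() also now defines the fuzz input format without documenting it; a comment above it such as `/* Fuzz input: repeated records of a 2-byte big-endian length followed by that many response bytes; a record running past the end of input is truncated */` would help anyone building a seed corpus. main() begins and ends outside the hunks shown.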