OSX/sec/SOSCircle/Regressions/sc-31-peerinfo-simplefuzz.c

   1 /*
   2  *  sc-31-peerinfo.c
   3  *
   4  *  Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
   5  *
   6  */
   7
   8
   9 #include <Security/SecBase.h>
  10 #include <Security/SecItem.h>
  11 #include <Security/SecKey.h>
  12 #include <Security/SecKeyPriv.h>
  13 #include <SOSPeerInfoDER.h>
  14
  15 #include <Security/SecureObjectSync/SOSCircle.h>
  16 #include <Security/SecureObjectSync/SOSPeerInfo.h>
  17 #include <Security/SecureObjectSync/SOSPeerInfoCollections.h>
  18 #include <Security/SecureObjectSync/SOSInternal.h>
  19 #include <Security/SecureObjectSync/SOSUserKeygen.h>
  20
  21 #include <utilities/SecCFWrappers.h>
  22
  23 #include <CoreFoundation/CoreFoundation.h>
  24
  25 #include <stdlib.h>
  26 #include <unistd.h>
  27
  28 #include "SOSCircle_regressions.h"
  29
  30 #include "SOSRegressionUtilities.h"
  31
  32 #if TARGET_OS_IPHONE
  33 #include <MobileGestalt.h>
  34 #endif
  35
  36 static unsigned long kTestCount = 2;
  37 static unsigned long kTestFuzzerCount = 20000;
  38
  39 static void tests(void)
  40 {
  41     SecKeyRef signingKey = NULL;
  42     SecKeyRef octagonSigningKey = NULL;
  43     SOSFullPeerInfoRef fpi = SOSCreateFullPeerInfoFromName(CFSTR("Test Peer"), &signingKey, &octagonSigningKey, NULL);
  44     SOSPeerInfoRef pi = SOSFullPeerInfoGetPeerInfo(fpi);
  45     unsigned long count;
  46
  47     ok(NULL != pi, "info creation");
  48     size_t size = SOSPeerInfoGetDEREncodedSize(pi, NULL);
  49
  50     uint8_t buffer[size+100]; // make the buffer long enough to hold the DER + some room for the fuzzing
  51
  52     const uint8_t *buffer_p = SOSPeerInfoEncodeToDER(pi, NULL, buffer, buffer + sizeof(buffer));
  53
  54     ok(buffer_p != NULL, "encode");
  55
  56     size_t length = (buffer + sizeof(buffer)) - buffer_p;
  57     // diag("size %lu length %lu\n", size, length);
  58     uint8_t buffer2[length];
  59     if(buffer_p == NULL) goto errOut;
  60
  61         for (count = 0; count < kTestFuzzerCount; count++) {
  62             memcpy(buffer2, buffer_p, length);
  63
  64             const uint8_t *startp = buffer2;
  65             size_t offset = arc4random_uniform((u_int32_t)length);
  66             uint8_t value = arc4random() & 0xff;
  67             // diag("Offset %lu value %d\n", offset, value);
  68             buffer2[offset] = value;
  69
  70             SOSPeerInfoRef pi2 = SOSPeerInfoCreateFromDER(NULL, NULL, &startp, buffer2 + length);
  71             CFReleaseNull(pi2);
  72             ok(1, "fuzz");
  73         }
  74
  75 errOut:
  76     CFReleaseNull(signingKey);
  77     CFReleaseNull(octagonSigningKey);
  78     CFReleaseNull(fpi);
  79 }
  80
  81 int sc_31_peerinfo(int argc, char *const *argv)
  82 {
  83     plan_tests((int)(kTestCount + kTestFuzzerCount));
  84
  85     tests();
  86
  87         return 0;
  88 }