aboutsummaryrefslogtreecommitdiffstats
path: root/src/fuzzer
diff options
context:
space:
mode:
Diffstat (limited to 'src/fuzzer')
-rw-r--r--src/fuzzer/mode_padding.cpp150
1 files changed, 150 insertions, 0 deletions
diff --git a/src/fuzzer/mode_padding.cpp b/src/fuzzer/mode_padding.cpp
new file mode 100644
index 000000000..05cb1a8f6
--- /dev/null
+++ b/src/fuzzer/mode_padding.cpp
@@ -0,0 +1,150 @@
+/*
+* (C) 2018 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "fuzzers.h"
+#include <botan/mode_pad.h>
+#include <botan/internal/tls_cbc.h>
+
+size_t ref_pkcs7_unpad(const uint8_t in[], size_t len)
+ {
+ if(len <= 2)
+ return len;
+
+ const size_t padding_length = in[len-1];
+
+ if(padding_length == 0 || padding_length > len)
+ return len;
+
+ const size_t padding_start = len - padding_length;
+
+ for(size_t i = padding_start; i != len; ++i)
+ {
+ if(in[i] != padding_length)
+ return len;
+ }
+
+ return len - padding_length;
+ }
+
+size_t ref_x923_unpad(const uint8_t in[], size_t len)
+ {
+ if(len <= 2)
+ return len;
+
+ const size_t padding_length = in[len-1];
+
+ if(padding_length == 0 || padding_length > len)
+ return len;
+ const size_t padding_start = len - padding_length;
+
+ for(size_t i = padding_start; i != len - 1; ++i)
+ {
+ if(in[i] != 0)
+ {
+ return len;
+ }
+ }
+
+ return len - padding_length;
+ }
+
+size_t ref_oneandzero_unpad(const uint8_t in[], size_t len)
+ {
+ if(len <= 2)
+ return len;
+
+ size_t idx = len - 1;
+
+ while(idx >= 0)
+ {
+ if(in[idx] == 0)
+ {
+ idx -= 1;
+ continue;
+ }
+ else if(in[idx] == 0x80)
+ {
+ return idx;
+ }
+ else
+ return len;
+ }
+
+ return len;
+ }
+
+size_t ref_esp_unpad(const uint8_t in[], size_t len)
+ {
+ if(len <= 2)
+ return len;
+
+ const size_t padding_bytes = in[len - 1];
+
+ if(padding_bytes == 0 || padding_bytes > len)
+ {
+ return len;
+ }
+
+ const size_t padding_start = len - padding_bytes;
+ for(size_t i = padding_start; i != len; ++i)
+ {
+ if(in[i] != (i - padding_start + 1))
+ {
+ return len;
+ }
+ }
+
+ return len - padding_bytes;
+ }
+
+uint16_t ref_tls_cbc_unpad(const uint8_t in[], size_t len)
+ {
+ if(len == 0)
+ return 0;
+
+ const size_t padding_length = in[(len-1)];
+
+ if(padding_length >= len)
+ return 0;
+
+ /*
+ * TLS v1.0 and up require all the padding bytes be the same value
+ * and allows up to 255 bytes.
+ */
+ for(size_t i = 0; i != 1 + padding_length; ++i)
+ {
+ if(in[(len-i-1)] != padding_length)
+ return 0;
+ }
+ return padding_length + 1;
+ }
+
+void fuzz(const uint8_t in[], size_t len)
+ {
+ Botan::PKCS7_Padding pkcs7;
+ const size_t ct_pkcs7 = pkcs7.unpad(in, len);
+ const size_t ref_pkcs7 = ref_pkcs7_unpad(in, len);
+ FUZZER_ASSERT_EQUAL(ct_pkcs7, ref_pkcs7);
+
+ Botan::ANSI_X923_Padding x923;
+ const size_t ct_x923 = x923.unpad(in, len);
+ const size_t ref_x923 = ref_x923_unpad(in, len);
+ FUZZER_ASSERT_EQUAL(ct_x923, ref_x923);
+
+ Botan::OneAndZeros_Padding oneandzero;
+ const size_t ct_oneandzero = oneandzero.unpad(in, len);
+ const size_t ref_oneandzero = ref_oneandzero_unpad(in, len);
+ FUZZER_ASSERT_EQUAL(ct_oneandzero, ref_oneandzero);
+
+ Botan::ESP_Padding esp;
+ const size_t ct_esp = esp.unpad(in, len);
+ const size_t ref_esp = ref_esp_unpad(in, len);
+ FUZZER_ASSERT_EQUAL(ct_esp, ref_esp);
+
+ const uint16_t ct_cbc = Botan::TLS::check_tls_cbc_padding(in, len);
+ const uint16_t ref_cbc = ref_tls_cbc_unpad(in, len);
+ FUZZER_ASSERT_EQUAL(ct_cbc, ref_cbc);
+ }