PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-09 18:29:39 +02:00
Code Issues Releases Wiki Activity

Fuzzer tests

Browse source
This commit is contained in:
Paul Schaub 2025-07-08 14:34:35 +02:00
parent 0d8ce6a50b
commit 307b3ae40b
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
27 changed files with 160 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

12
pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt
View file

@ -8,6 +8,7 @@ import java.io.IOException
import java.io.InputStream
import java.util.*
import openpgp.plusSeconds
import org.bouncycastle.bcpg.UnsupportedPacketVersionException
import org.bouncycastle.bcpg.sig.KeyExpirationTime
import org.bouncycastle.openpgp.*
import org.bouncycastle.util.encoders.Hex
@ -151,6 +152,7 @@ class SignatureUtils {
*/
@JvmStatic
fun readSignatures(inputStream: InputStream, maxIterations: Int): List<PGPSignature> {
try {
val signatures = mutableListOf<PGPSignature>()
val pgpIn = ArmorUtils.getDecoderStream(inputStream)
val objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(pgpIn)
@ -168,7 +170,8 @@ class SignatureUtils {
// getInputStream() does not do decompression, contrary to getDataStream().
Streams.drain(
(nextObject as PGPCompressedData)
.inputStream) // Skip packet without decompressing
.inputStream
) // Skip packet without decompressing
}
if (nextObject is PGPSignatureList) {
@ -182,6 +185,13 @@ class SignatureUtils {
pgpIn.close()
return signatures.toList()
} catch (e: UnsupportedPacketVersionException) {
throw PGPException("Unsupported packet version encountered.", e)
} catch (e: ClassCastException) {
throw PGPException("Unexpected packet encountered.", e)
} catch (e: IllegalArgumentException) {
throw PGPException("Malformed packet encountered.", e)
}
}
/**

5
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/DetachedVerifyImpl.kt
View file

@ -29,8 +29,11 @@ class DetachedVerifyImpl : DetachedVerify {
override fun data(data: InputStream): List<Verification> {
try {
val verificationStream =
try {
PGPainless.decryptAndOrVerify().onInputStream(data).withOptions(options)
} catch (e: RuntimeException) {
throw SOPGPException.BadData(e)
}
Streams.drain(verificationStream)
verificationStream.close()

4
pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/AsciiArmorFuzzTest.java
View file

@ -1,3 +1,7 @@
// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop.fuzzing;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;

4
pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/ParseCertFuzzTest.java
View file

@ -1,3 +1,7 @@
// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop.fuzzing;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;

96
pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SignatureFuzzTest.java Normal file
View file

@ -0,0 +1,96 @@
// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop.fuzzing;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;
import org.pgpainless.sop.SOPImpl;
import sop.SOP;
import sop.Verification;
import sop.exception.SOPGPException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
public class SignatureFuzzTest {
private final SOP sop = new SOPImpl();
private final byte[] data = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
private final String key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
"Comment: D7BC FF6B B105 40D9 87F9 CB6E 542D C9F6 FCAE AD63\n" +
"Comment: Alice <alice@pgpainless.org>\n" +
"\n" +
"lFgEaGzu+BYJKwYBBAHaRw8BAQdAlqjB241N44drAJvxa3wx0uRb5bxuVNXrCwPZ\n" +
"yf4Qg+MAAQCpACcGmoOPZISRbMjRzI/0Wf5iIZwp7r9huzLe6NToBRFxtBxBbGlj\n" +
"ZSA8YWxpY2VAcGdwYWlubGVzcy5vcmc+wpUEExYKAEcFgmhs7vgJEFQtyfb8rq1j\n" +
"FiEE17z/a7EFQNmH+ctuVC3J9vyurWMCngECmwEFFgIDAQAECwkIBwUVCgkICwWJ\n" +
"CWYBfwKZAQAA1SMBAIuffSIKKkG73rWInDrfV6G0kCh/uP7Qf3Jh4A+x5BrvAP42\n" +
"KANAmmLmDVsPGWEPEAlCAJFwKZvHzvYsk8dEFNZEDJxYBGhs7vgWCSsGAQQB2kcP\n" +
"AQEHQOPChGD0z51fOsnFswJPNmhzxdhZHuXCxbEJ+/5WhU9QAAEA3i0J/Vbyhj92\n" +
"kd8gsjLUIkbDHGGDb/vfRCgmRAySF1MOL8LAFQQYFgoAfQWCaGzu+AKeAQKbAgUW\n" +
"AgMBAAQLCQgHBRUKCQgLXyAEGRYKAAYFgmhs7vgACgkQIvV9b29BRNSV1AEAtywX\n" +
"h7bdVq0597D0JfASIvo/ksyHsTyf/JRVH6M0Gv0A/RvFJnVRt1EitamD8i2mX2H3\n" +
"yC2lP2t1WzTafT7GzkYMAAoJEFQtyfb8rq1jhRABAIb/GkyCOlU02zfDMd5UHQ4J\n" +
"EpexaSodCvrGcQMA5t2nAPsEPXQOl1AOdJoc/sICsVAi4DvxohelpWJ19ZUy7WYQ\n" +
"CZxdBGhs7vgSCisGAQQBl1UBBQEBB0BeCegzdBr3B6+q3IBjkzNXPfLopNi2d+sL\n" +
"9hcbV9ztDgMBCAcAAP9hFCttDV8qWyven96rQ0WKGfVo1bKp2EZHGUR7tIScWA9P\n" +
"wnUEGBYKAB0Fgmhs7vgCngECmwwFFgIDAQAECwkIBwUVCgkICwAKCRBULcn2/K6t\n" +
"Y7GuAP9Kf1Ec1GJmZ99UHsgiN60os+6adMLj4G2ASiIbNSDvKgD9F/VLFIb/eN7k\n" +
"JQp3E5C15x5pMMKEI/rjwdrKmYH3aAw=\n" +
"=hnEg\n" +
"-----END PGP PRIVATE KEY BLOCK-----";
private final String cert = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"Comment: D7BC FF6B B105 40D9 87F9 CB6E 542D C9F6 FCAE AD63\n" +
"Comment: Alice <alice@pgpainless.org>\n" +
"\n" +
"mDMEaGzu+BYJKwYBBAHaRw8BAQdAlqjB241N44drAJvxa3wx0uRb5bxuVNXrCwPZ\n" +
"yf4Qg+O0HEFsaWNlIDxhbGljZUBwZ3BhaW5sZXNzLm9yZz7ClQQTFgoARwWCaGzu\n" +
"+AkQVC3J9vyurWMWIQTXvP9rsQVA2Yf5y25ULcn2/K6tYwKeAQKbAQUWAgMBAAQL\n" +
"CQgHBRUKCQgLBYkJZgF/ApkBAADVIwEAi599IgoqQbvetYicOt9XobSQKH+4/tB/\n" +
"cmHgD7HkGu8A/jYoA0CaYuYNWw8ZYQ8QCUIAkXApm8fO9iyTx0QU1kQMuDMEaGzu\n" +
"+BYJKwYBBAHaRw8BAQdA48KEYPTPnV86ycWzAk82aHPF2Fke5cLFsQn7/laFT1DC\n" +
"wBUEGBYKAH0Fgmhs7vgCngECmwIFFgIDAQAECwkIBwUVCgkIC18gBBkWCgAGBYJo\n" +
"bO74AAoJECL1fW9vQUTUldQBALcsF4e23VatOfew9CXwEiL6P5LMh7E8n/yUVR+j\n" +
"NBr9AP0bxSZ1UbdRIrWpg/Itpl9h98gtpT9rdVs02n0+xs5GDAAKCRBULcn2/K6t\n" +
"Y4UQAQCG/xpMgjpVNNs3wzHeVB0OCRKXsWkqHQr6xnEDAObdpwD7BD10DpdQDnSa\n" +
"HP7CArFQIuA78aIXpaVidfWVMu1mEAm4OARobO74EgorBgEEAZdVAQUBAQdAXgno\n" +
"M3Qa9wevqtyAY5MzVz3y6KTYtnfrC/YXG1fc7Q4DAQgHwnUEGBYKAB0Fgmhs7vgC\n" +
"ngECmwwFFgIDAQAECwkIBwUVCgkICwAKCRBULcn2/K6tY7GuAP9Kf1Ec1GJmZ99U\n" +
"HsgiN60os+6adMLj4G2ASiIbNSDvKgD9F/VLFIb/eN7kJQp3E5C15x5pMMKEI/rj\n" +
"wdrKmYH3aAw=\n" +
"=4uX6\n" +
"-----END PGP PUBLIC KEY BLOCK-----";
@FuzzTest(
maxDuration = "60s"
)
public void verifyFuzzedSig(FuzzedDataProvider provider) throws IOException {
byte[] sig = provider.consumeBytes(1024);
if (sig.length == 0) {
return;
}
try {
List<Verification> verifs = sop.verify()
.cert(cert.getBytes(StandardCharsets.UTF_8))
.signatures(sig)
.data(data);
if (verifs.isEmpty()) {
return;
}
for (Verification v : verifs) {
System.out.println(v.toString());
}
} catch (SOPGPException.NoSignature e) {
// ignore
} catch (SOPGPException.BadData e) {
// expected
}
}
}

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-94d4f79102352b762d29a2596cec0a16fb4f6a61 Normal file
View file

@ -0,0 +1 @@
xjsFwxylML8M9MlS

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-f76fa673913fd9409423d16fc3593596cbf71023 Normal file
View file

@ -0,0 +1 @@
xjx

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-0cf7eacc2a3bac835ac97aa40d8f7735cef966c4 Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-13384a176fc0bacf13f7a6431bdca5ccc30f8baa Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-40a90a6a0d5a51ec600e9ec6b54e7377f072fd3c Normal file
View file

Binary file not shown.

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5a8ca84c7d4d9b055f05c55b1f707f223979d387 Normal file
View file

@ -0,0 +1 @@


BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5aed3e11291d53244b523b605011b3b0fd26ba4b Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5f55f2f1999e35e7dc4da488679f149bc38a9ace Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-6a5368d90575590101c96b99febb74e17388e388 Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e75de4a2f16140d7f0fc47f1b17c24186cfcdec Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e9ebd7736a1e6ee971dc3d328e9e929caaa101b Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a398e552b9fe8bcb6d6c2cac6fb6e564762c87f9 Normal file
View file

Binary file not shown.

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a4dc44449d64decbb5459f8572b54af63a4eb4f8 Normal file
View file

@ -0,0 +1 @@
00000000000000000000000000000000000000000000000000000000000000

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-bea7acca1916ad2e8fcc55c6c22372fa8db47f10 Normal file
View file

@ -0,0 +1 @@
<EFBFBD>

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c000a51366616d33f9df61c9260fba450f9e2e7c Normal file
View file

@ -0,0 +1 @@
<EFBFBD>

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c4a0ed88c991d1482b6eb0301f6a48005a711def Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c71f29422931ea494827e83f146ff3caed79129f Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-ce933ff5f8546a54ac5d85df62509dc8c6faf74e Normal file
View file

Binary file not shown.

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-dae649c2d3128fa2e70857e1d4598566ec669192 Normal file
View file

Binary file not shown.

1
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-f03f6f5bb897abe1c95a7058ebfb101855207798 Normal file
View file

@ -0,0 +1 @@
覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧#

7
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.asc Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
wnUEABYKACcFgmhs7vgJECL1fW9vQUTUFiEELgSiuyj9W99u41BmIvV9b29BRNQA
ALkiAQDRulwayys9tufqrCg+AGCTyBp0SZT9PBOiCk2iZSb4zgEAvc3R88D3LI0C
kmchJW/WW7JGsmrwO4EZIBu1alzkggk=
=w4js
-----END PGP SIGNATURE-----

BIN
pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.bin Normal file
View file

Binary file not shown.