Fuzz PGPObjectFactory

pgpainless-core/build.gradle

@@ -12,6 +12,9 @@ dependencies {
     testImplementation "org.junit.jupiter:junit-jupiter-params:$junitVersion"
     testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
 
+    // Jazzer for Fuzzing
+    testImplementation "com.code-intelligence:jazzer-junit:$jazzerVersion"
+
     // Mocking Components
     testImplementation "org.mockito:mockito-core:$mockitoVersion"
 

pgpainless-core/src/test/kotlin/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTest.kt

@@ -0,0 +1,48 @@
+// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.bouncycastle.fuzzing
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider
+import com.code_intelligence.jazzer.junit.DictionaryFile
+import com.code_intelligence.jazzer.junit.FuzzTest
+import org.bouncycastle.bcpg.ArmoredInputException
+import org.bouncycastle.bcpg.UnsupportedPacketVersionException
+import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPUtil
+import org.bouncycastle.openpgp.bc.BcPGPObjectFactory
+import java.io.EOFException
+import java.io.IOException
+
+class PGPObjectFactoryFuzzingTest {
+
+    @FuzzTest
+    @DictionaryFile(resourcePath = "ascii_armor.dict")
+    @DictionaryFile(resourcePath = "openpgp.dict")
+    fun parseFuzzedObjects(provider: FuzzedDataProvider) {
+        val encoding = provider.consumeRemainingAsBytes()
+
+        if (encoding.isEmpty()) {
+            return
+        }
+        try {
+            val decIn = PGPUtil.getDecoderStream(encoding.inputStream())
+            val objFac = BcPGPObjectFactory(decIn)
+            var obj = objFac.nextObject()
+            while (obj != null) {
+                obj = objFac.nextObject()
+            }
+        } catch (e: ArmoredInputException) {
+            return
+        } catch (e: PGPException) {
+            return
+        } catch (e: EOFException) {
+            return
+        } catch (e: IOException) {
+            return
+        } catch (e: UnsupportedPacketVersionException) {
+            return
+        }
+    }
+}

pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-16f60c43a386bd079675f4b67da22a6abc986fa1

@@ -0,0 +1 @@
+»ЏОхТО---Q(K

pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-f25481c9ffd17932404b3826bbc97c6a1f818446

@@ -0,0 +1,5 @@
+-----BEGIN PGP MESSAGÚ-----
+
+ywtiAAECAwTA/+66vg==
+=pAS2
+-----END PGP MESSAGE-----

pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/literaldata_binary_coffeebabe.asc

@@ -0,0 +1,5 @@
+-----BEGIN PGP MESSAGE-----
+
+ywtiAAECAwTA/+66vg==
+=pAS2
+-----END PGP MESSAGE-----

pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/ascii_armor.dict

@@ -0,0 +1,39 @@
+#
+# AFL Dictionary for OpenPGP (RFC9580)
+# ------------------------------------------
+#
+# Created by Paul Schaub <info@pgpainless.org>
+
+#
+# ASCII Armor
+#
+BEGIN_PGP_MESSAGE="-----BEGIN PGP MESSAGE-----"
+END_PGP_MESSAGE="-----END PGP MESSAGE-----"
+BEGIN_PGP_SIGNATURE="-----BEGIN PGP SIGNATURE-----"
+END_PGP_SIGNATURE="-----END PGP SIGNATURE-----"
+BEGIN_PGP_PUBLIC_KEY="-----BEGIN PGP PUBLIC KEY-----"
+END_PGP_PUBLIC_KEY="-----END PGP PUBLIC KEY-----"
+BEGIN_PGP_PUBLIC_KEY_BLOCK="-----BEGIN PGP PUBLIC KEY BLOCK-----"
+END_PGP_PUBLIC_KEY_BLOCK="-----END PGP PUBLIC KEY BLOCK-----"
+BEGIN_PGP_PRIVATE_KEY="-----BEGIN PGP PRIVATE KEY-----"
+END_PGP_PRIVATE_KEY="-----END PGP PRIVATE KEY-----"
+BEGIN_PGP_PRIVATE_KEY_BLOCK="-----BEGIN PGP PRIVATE KEY BLOCK-----"
+END_PGP_PRIVATE_KEY_BLOCK="-----END PGP PRIVATE KEY BLOCK-----"
+BEGIN_PGP_SIGNED_MESSAGE="-----BEGIN PGP SIGNED MESSAGE-----"
+
+HEADER_VERSION="Version"
+HEADER_COMMENT="Comment"
+HEADER_HASH="Hash"
+HEADER_CHARSET="Charset"
+HASH_SHA224="SHA224"
+HASH_SHA256="SHA256"
+HASH_SHA384="SHA384"
+HASH_SHA512="SHA512"
+
+PART_BEGIN="BEGIN"
+PART_PGP="PGP"
+PART_MESSAGE="MESSAGE"
+PART_BLOCK="BLOCK"
+PART_PUBLIC="PUBLIC"
+PART_PRIVATE="PRIVATE"
+PART_KEY="KEY"

pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/openpgp.dict

@@ -0,0 +1,34 @@
+#
+# AFL Dictionary for OpenPGP (RFC9580)
+# ------------------------------------------
+#
+# Created by Paul Schaub <info@pgpainless.org>
+
+#
+# Packet Type IDs
+#
+RESERVED="\x00"
+PKESK="\x01"
+SIG="\x02"
+SKESK="\0x03"
+OPS="\x04"
+SECKEY="\x05"
+PUBKEY="\x06"
+SECSUBKEY="\x07"
+COMP="\x08"
+SED="\x09"
+MARKER="\x0A"
+LIT="\x0B"
+TRUST="\x0C"
+UID="\x0D"
+PUBSUBKEY="\x0E"
+UAT="\x11"
+SEIPD="\x12"
+MOD="\x13"
+RES20="\x14"
+PADDING="\x15"
+
+#
+# Entire Packets
+#
+MARKER_PACKET="\xCA\x03\x50\x47\x50"