aws-crt 0.1.4 → 0.1.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/aws-crt-ffi/crt/aws-c-cal/CMakeLists.txt +2 -0
  5. data/aws-crt-ffi/crt/aws-c-cal/bin/produce_x_platform_fuzz_corpus/CMakeLists.txt +30 -0
  6. data/aws-crt-ffi/crt/aws-c-cal/bin/produce_x_platform_fuzz_corpus/main.c +208 -0
  7. data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/CMakeLists.txt +30 -0
  8. data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/main.c +244 -0
  9. data/aws-crt-ffi/crt/aws-c-cal/ecdsa-fuzz-corpus/darwin/p256_sig_corpus.txt +10000 -0
  10. data/aws-crt-ffi/crt/aws-c-cal/ecdsa-fuzz-corpus/windows/p256_sig_corpus.txt +10000 -0
  11. data/aws-crt-ffi/crt/aws-c-cal/source/windows/bcrypt_ecc.c +8 -0
  12. data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +11 -10
  13. data/aws-crt-ffi/crt/aws-c-io/include/aws/io/tls_channel_handler.h +2 -0
  14. data/aws-crt-ffi/crt/aws-c-io/source/darwin/darwin_pki_utils.c +8 -0
  15. data/aws-crt-ffi/crt/aws-c-io/source/tls_channel_handler.c +2 -0
  16. data/aws-crt-ffi/crt/aws-c-io/source/windows/windows_pki_utils.c +65 -35
  17. data/aws-crt-ffi/crt/s2n/CMakeLists.txt +67 -21
  18. data/aws-crt-ffi/crt/s2n/Makefile +10 -0
  19. data/aws-crt-ffi/crt/s2n/bin/Makefile +9 -0
  20. data/aws-crt-ffi/crt/s2n/bindings/rust/Makefile +14 -0
  21. data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +2 -2
  22. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +3 -2
  23. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/raw/config.rs +265 -39
  24. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/raw/connection.rs +170 -20
  25. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +120 -0
  26. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/testing.rs +58 -23
  27. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/Cargo.toml +1 -1
  28. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/src/internal.rs +3 -0
  29. data/aws-crt-ffi/crt/s2n/crypto/s2n_composite_cipher_aes_sha.c +1 -1
  30. data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.c +8 -3
  31. data/aws-crt-ffi/crt/s2n/error/s2n_errno.c +3 -0
  32. data/aws-crt-ffi/crt/s2n/error/s2n_errno.h +2 -0
  33. data/aws-crt-ffi/crt/s2n/lib/Makefile +11 -0
  34. data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_90s_r2/ntt.h +2 -2
  35. data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r2/ntt.h +2 -2
  36. data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r3/kyber512r3_poly_avx2.h +2 -2
  37. data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r3/kyber512r3_polyvec_avx2.h +2 -2
  38. data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r1/P503_internal_r1.h +1 -1
  39. data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r1/fips202_r1.h +1 -1
  40. data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r3/sikep434r3_fp_x64_asm.S +4 -0
  41. data/aws-crt-ffi/crt/s2n/s2n.mk +25 -0
  42. data/aws-crt-ffi/crt/s2n/scripts/s2n_safety_macros.py +14 -0
  43. data/aws-crt-ffi/crt/s2n/tests/benchmark/Readme.md +23 -9
  44. data/aws-crt-ffi/crt/s2n/tests/features/clone.c +24 -0
  45. data/aws-crt-ffi/crt/s2n/tests/features/madvise.c +27 -0
  46. data/aws-crt-ffi/crt/s2n/tests/features/minherit.c +22 -0
  47. data/aws-crt-ffi/crt/s2n/tests/integrationv2/conftest.py +2 -2
  48. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +1 -1
  49. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_fork_generation_number_test.c +335 -0
  50. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_mem_usage_test.c +1 -1
  51. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_client_hello_cb_test.c +93 -11
  52. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_hello_retry_test.c +123 -1
  53. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c +18 -3
  54. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_test.c +0 -38
  55. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_secrets_test.c +134 -15
  56. data/aws-crt-ffi/crt/s2n/tls/s2n_cipher_suites.c +1 -1
  57. data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +20 -9
  58. data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.h +8 -0
  59. data/aws-crt-ffi/crt/s2n/tls/s2n_config.c +13 -0
  60. data/aws-crt-ffi/crt/s2n/tls/s2n_config.h +6 -0
  61. data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_io.c +2 -1
  62. data/aws-crt-ffi/crt/s2n/tls/s2n_internal.h +9 -0
  63. data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_key_schedule.c +7 -7
  64. data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.c +61 -8
  65. data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.h +11 -5
  66. data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.c +367 -0
  67. data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.h +28 -0
  68. data/aws-crt-ffi/crt/s2n/utils/s2n_safety_macros.h +13 -22
  69. metadata +18 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7617304a819da25587f46d5c40ea606a15790e649ff5a86af263fd47c2697092
4
- data.tar.gz: 18085bd6162a6fe4a68cb781e2154e395f53017af70aee98a9c4cd02736240f0
3
+ metadata.gz: 9c3578992e03398bdf9bd93ddf82e7ce0405d4f1dde997cd1a524a9c67df6282
4
+ data.tar.gz: 0dfd9eecda72388ef0196c7f64b8a669ab747e3d6517aa7aa165d7e4d2b77b71
5
5
  SHA512:
6
- metadata.gz: a78f55c2104cf590604a17aee492b93b0d303600d989175d2c9b35a4805d1fd1c857be4c49360c3ffb6224c15b4e7212c0850f9aed7f07c51e503bff1764dd30
7
- data.tar.gz: cdeaad2db57abbce49d384d78329c5100b47c8a4afcf4e071996a05d680753db50a74179300ea69baf9c547b2c91fe0fe9fa037cf415715150d72fdd0958b2c2
6
+ metadata.gz: 8a24cb9ef29ec68853c2209c194b2aeedda14d97197da7f3f99d0d81c77ffddf2073f916133c439a961d774a4b1bef265dc7c4f2ea7efd579455d41b8687041d
7
+ data.tar.gz: 0f364196764d0405e6304d6320362971d927c71e249083e1b3d0bbba783a543eb1f9c860adf207cdba8c40cbbc75d2a539ae51c543bc244e3c2d1f35c9cec9ea
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 0.1.5 (2022-04-05)
5
+ ------------------
6
+
7
+ * Issue - Update to the latest aws-crt-ffi.
8
+
4
9
  0.1.4 (2022-03-15)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.4
1
+ 0.1.5
@@ -173,6 +173,8 @@ if (NOT CMAKE_CROSSCOMPILING AND NOT BYO_CRYPTO)
173
173
  include(CTest)
174
174
  if (BUILD_TESTING)
175
175
  add_subdirectory(bin/sha256_profile)
176
+ add_subdirectory(bin/produce_x_platform_fuzz_corpus)
177
+ add_subdirectory(bin/run_x_platform_fuzz_corpus)
176
178
  add_subdirectory(tests)
177
179
  endif()
178
180
  endif()
@@ -0,0 +1,30 @@
1
+
2
+ project(produce_x_platform_fuzz_corpus C)
3
+
4
+ list(APPEND CMAKE_MODULE_PATH "${CMAKE_INSTALL_PREFIX}/lib/cmake")
5
+
6
+ file(GLOB PROFILE_SRC
7
+ "*.c"
8
+ )
9
+
10
+ set(PROFILE_PROJECT_NAME produce_x_platform_fuzz_corpus)
11
+ add_executable(${PROFILE_PROJECT_NAME} ${PROFILE_SRC})
12
+ aws_set_common_properties(${PROFILE_PROJECT_NAME})
13
+
14
+
15
+ target_include_directories(${PROFILE_PROJECT_NAME} PUBLIC
16
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
17
+ $<INSTALL_INTERFACE:include>)
18
+
19
+ target_link_libraries(${PROFILE_PROJECT_NAME} aws-c-cal)
20
+
21
+ if (BUILD_SHARED_LIBS AND NOT WIN32)
22
+ message(INFO " produce_x_platform_fuzz_corpus will be built with shared libs, but you may need to set LD_LIBRARY_PATH=${CMAKE_INSTALL_PREFIX}/lib to run the application")
23
+ endif()
24
+
25
+ install(TARGETS ${PROFILE_PROJECT_NAME}
26
+ EXPORT ${PROFILE_PROJECT_NAME}-targets
27
+ COMPONENT Runtime
28
+ RUNTIME
29
+ DESTINATION bin
30
+ COMPONENT Runtime)
@@ -0,0 +1,208 @@
1
+ /**
2
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ * SPDX-License-Identifier: Apache-2.0.
4
+ */
5
+
6
+ #include <aws/cal/cal.h>
7
+ #include <aws/cal/ecc.h>
8
+ #include <aws/cal/hash.h>
9
+
10
+ #include <aws/common/command_line_parser.h>
11
+ #include <aws/common/encoding.h>
12
+ #include <aws/common/file.h>
13
+ #include <aws/common/string.h>
14
+
15
+ #include <inttypes.h>
16
+
17
+ struct produce_corpus_ctx {
18
+ struct aws_allocator *allocator;
19
+ const char *root_path;
20
+ };
21
+
22
+ static struct aws_cli_option s_long_options[] = {
23
+ {"output-path", AWS_CLI_OPTIONS_REQUIRED_ARGUMENT, NULL, 'o'},
24
+ {"help", AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 'h'},
25
+ /* Per getopt(3) the last element of the array has to be filled with all zeros */
26
+ {NULL, AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 0},
27
+ };
28
+
29
+ static void s_usage(int exit_code) {
30
+
31
+ fprintf(stderr, "usage: produce_x_platform_fuzz_corpus [options]\n");
32
+ fprintf(stderr, "\n Options:\n\n");
33
+ fprintf(
34
+ stderr, " --output-path DIRECTORY: path to output corpus to, default is the current working directory.\n");
35
+ fprintf(stderr, " -h, --help\n");
36
+ fprintf(stderr, " Display this message and quit.\n");
37
+ exit(exit_code);
38
+ }
39
+
40
+ static void s_parse_options(int argc, char **argv, struct produce_corpus_ctx *ctx) {
41
+ while (true) {
42
+ int option_index = 0;
43
+ int c = aws_cli_getopt_long(argc, argv, "o:h", s_long_options, &option_index);
44
+ if (c == -1) {
45
+ break;
46
+ }
47
+
48
+ switch (c) {
49
+ case 0:
50
+ /* getopt_long() returns 0 if an option.flag is non-null */
51
+ break;
52
+ case 'o':
53
+ ctx->root_path = aws_cli_optarg;
54
+ break;
55
+ case 'h':
56
+ s_usage(0);
57
+ break;
58
+ default:
59
+ fprintf(stderr, "Unknown option\n");
60
+ s_usage(1);
61
+ }
62
+ }
63
+ }
64
+
65
+ /**
66
+ * Runs thousands of ECDSA signatures, and dumps them out to a file. This assumes the same public key and
67
+ * message to sign scheme is used by the verifying program.
68
+ */
69
+ int main(int argc, char *argv[]) {
70
+ struct aws_allocator *allocator = aws_default_allocator();
71
+ aws_cal_library_init(allocator);
72
+
73
+ struct produce_corpus_ctx ctx = {
74
+ .allocator = allocator,
75
+ };
76
+
77
+ s_parse_options(argc, argv, &ctx);
78
+
79
+ struct aws_byte_buf output_path;
80
+ aws_byte_buf_init(&output_path, allocator, 1024);
81
+ struct aws_byte_cursor sub_dir_cur;
82
+
83
+ if (ctx.root_path) {
84
+ struct aws_byte_cursor root_path = aws_byte_cursor_from_c_str(ctx.root_path);
85
+ aws_byte_buf_append_dynamic(&output_path, &root_path);
86
+
87
+ if (root_path.ptr[root_path.len - 1] != AWS_PATH_DELIM) {
88
+ aws_byte_buf_append_byte_dynamic(&output_path, (uint8_t)AWS_PATH_DELIM);
89
+ }
90
+ }
91
+
92
+ #ifdef _WIN32
93
+ sub_dir_cur = aws_byte_cursor_from_c_str("windows\\");
94
+ #elif __APPLE__
95
+ sub_dir_cur = aws_byte_cursor_from_c_str("darwin/");
96
+ #else
97
+ sub_dir_cur = aws_byte_cursor_from_c_str("unix/");
98
+ #endif
99
+
100
+ aws_byte_buf_append_dynamic(&output_path, &sub_dir_cur);
101
+ struct aws_string *directory = aws_string_new_from_buf(allocator, &output_path);
102
+ aws_directory_create(directory);
103
+ aws_string_destroy(directory);
104
+
105
+ struct aws_byte_cursor file_name = aws_byte_cursor_from_c_str("p256_sig_corpus.txt");
106
+ aws_byte_buf_append_dynamic(&output_path, &file_name);
107
+
108
+ struct aws_string *path = aws_string_new_from_buf(allocator, &output_path);
109
+ struct aws_string *mode = aws_string_new_from_c_str(allocator, "w");
110
+ FILE *output_file = aws_fopen_safe(path, mode);
111
+
112
+ if (!output_file) {
113
+ fprintf(
114
+ stderr,
115
+ "Error %s, while opening file to: %s\n",
116
+ aws_error_debug_str(aws_last_error()),
117
+ aws_string_c_str(path));
118
+ exit(-1);
119
+ }
120
+
121
+ aws_string_destroy(mode);
122
+ aws_string_destroy(path);
123
+ aws_byte_buf_clean_up(&output_path);
124
+
125
+ /* use pre-built private/pub key pairs, we'll fuzz via the input. */
126
+ uint8_t d[] = {
127
+ 0x51, 0x9b, 0x42, 0x3d, 0x71, 0x5f, 0x8b, 0x58, 0x1f, 0x4f, 0xa8, 0xee, 0x59, 0xf4, 0x77, 0x1a,
128
+ 0x5b, 0x44, 0xc8, 0x13, 0x0b, 0x4e, 0x3e, 0xac, 0xca, 0x54, 0xa5, 0x6d, 0xda, 0x72, 0xb4, 0x64,
129
+ };
130
+
131
+ struct aws_byte_cursor private_key = aws_byte_cursor_from_array(d, sizeof(d));
132
+
133
+ uint8_t x[] = {
134
+ 0x1c, 0xcb, 0xe9, 0x1c, 0x07, 0x5f, 0xc7, 0xf4, 0xf0, 0x33, 0xbf, 0xa2, 0x48, 0xdb, 0x8f, 0xcc,
135
+ 0xd3, 0x56, 0x5d, 0xe9, 0x4b, 0xbf, 0xb1, 0x2f, 0x3c, 0x59, 0xff, 0x46, 0xc2, 0x71, 0xbf, 0x83,
136
+ };
137
+
138
+ uint8_t y[] = {
139
+ 0xce, 0x40, 0x14, 0xc6, 0x88, 0x11, 0xf9, 0xa2, 0x1a, 0x1f, 0xdb, 0x2c, 0x0e, 0x61, 0x13, 0xe0,
140
+ 0x6d, 0xb7, 0xca, 0x93, 0xb7, 0x40, 0x4e, 0x78, 0xdc, 0x7c, 0xcd, 0x5c, 0xa8, 0x9a, 0x4c, 0xa9,
141
+ };
142
+
143
+ struct aws_byte_cursor pub_x = aws_byte_cursor_from_array(x, sizeof(x));
144
+ struct aws_byte_cursor pub_y = aws_byte_cursor_from_array(y, sizeof(y));
145
+
146
+ struct aws_ecc_key_pair *signing_key =
147
+ aws_ecc_key_pair_new_from_private_key(allocator, AWS_CAL_ECDSA_P256, &private_key);
148
+ struct aws_ecc_key_pair *verifying_key =
149
+ aws_ecc_key_pair_new_from_public_key(allocator, AWS_CAL_ECDSA_P256, &pub_x, &pub_y);
150
+
151
+ struct aws_byte_buf raw_buf;
152
+ aws_byte_buf_init(&raw_buf, allocator, 1024);
153
+
154
+ size_t max_iterations = 10000;
155
+ size_t count = 0;
156
+
157
+ struct aws_byte_cursor to_append = aws_byte_cursor_from_c_str("a");
158
+ struct aws_byte_buf to_sign;
159
+ aws_byte_buf_init(&to_sign, allocator, AWS_SHA256_LEN);
160
+
161
+ struct aws_byte_buf signature_output;
162
+ aws_byte_buf_init(&signature_output, allocator, aws_ecc_key_pair_signature_length(signing_key));
163
+
164
+ struct aws_byte_buf hex_buf;
165
+ aws_byte_buf_init(&hex_buf, allocator, 1024);
166
+
167
+ for (; count < max_iterations; ++count) {
168
+ struct aws_byte_cursor hash_input = aws_byte_cursor_from_buf(&raw_buf);
169
+
170
+ aws_sha256_compute(allocator, &hash_input, &to_sign, 0);
171
+ struct aws_byte_cursor signing_cur = aws_byte_cursor_from_buf(&to_sign);
172
+
173
+ int signing_val = aws_ecc_key_pair_sign_message(signing_key, &signing_cur, &signature_output);
174
+ (void)signing_val;
175
+
176
+ struct aws_byte_cursor signature_cur = aws_byte_cursor_from_buf(&signature_output);
177
+ int verify_val = aws_ecc_key_pair_verify_signature(verifying_key, &signing_cur, &signature_cur);
178
+
179
+ aws_hex_encode(&signature_cur, &hex_buf);
180
+ struct aws_byte_cursor hex_encoded_cur = aws_byte_cursor_from_buf(&hex_buf);
181
+
182
+ if (verify_val != AWS_OP_SUCCESS) {
183
+ fprintf(
184
+ stderr,
185
+ "Signature: \"" PRInSTR "\" was produced but could not be verified\n",
186
+ AWS_BYTE_CURSOR_PRI(hex_encoded_cur));
187
+ }
188
+
189
+ fprintf(output_file, PRInSTR "\n", AWS_BYTE_CURSOR_PRI(hex_encoded_cur));
190
+
191
+ aws_byte_buf_append_dynamic(&raw_buf, &to_append);
192
+ aws_byte_buf_reset(&hex_buf, true);
193
+ aws_byte_buf_reset(&to_sign, true);
194
+ aws_byte_buf_reset(&signature_output, true);
195
+ }
196
+
197
+ aws_byte_buf_clean_up(&hex_buf);
198
+ aws_byte_buf_clean_up(&signature_output);
199
+ aws_byte_buf_clean_up(&raw_buf);
200
+
201
+ aws_ecc_key_pair_release(verifying_key);
202
+ aws_ecc_key_pair_release(signing_key);
203
+
204
+ fclose(output_file);
205
+
206
+ aws_cal_library_clean_up();
207
+ return 0;
208
+ }
@@ -0,0 +1,30 @@
1
+
2
+ project(run_x_platform_fuzz_corpus C)
3
+
4
+ list(APPEND CMAKE_MODULE_PATH "${CMAKE_INSTALL_PREFIX}/lib/cmake")
5
+
6
+ file(GLOB PROFILE_SRC
7
+ "*.c"
8
+ )
9
+
10
+ set(PROFILE_PROJECT_NAME run_x_platform_fuzz_corpus)
11
+ add_executable(${PROFILE_PROJECT_NAME} ${PROFILE_SRC})
12
+ aws_set_common_properties(${PROFILE_PROJECT_NAME})
13
+
14
+
15
+ target_include_directories(${PROFILE_PROJECT_NAME} PUBLIC
16
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
17
+ $<INSTALL_INTERFACE:include>)
18
+
19
+ target_link_libraries(${PROFILE_PROJECT_NAME} aws-c-cal)
20
+
21
+ if (BUILD_SHARED_LIBS AND NOT WIN32)
22
+ message(INFO " run_x_platform_fuzz_corpus will be built with shared libs, but you may need to set LD_LIBRARY_PATH=${CMAKE_INSTALL_PREFIX}/lib to run the application")
23
+ endif()
24
+
25
+ install(TARGETS ${PROFILE_PROJECT_NAME}
26
+ EXPORT ${PROFILE_PROJECT_NAME}-targets
27
+ COMPONENT Runtime
28
+ RUNTIME
29
+ DESTINATION bin
30
+ COMPONENT Runtime)
@@ -0,0 +1,244 @@
1
+ /**
2
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ * SPDX-License-Identifier: Apache-2.0.
4
+ */
5
+
6
+ #include <aws/cal/cal.h>
7
+ #include <aws/cal/ecc.h>
8
+ #include <aws/cal/hash.h>
9
+
10
+ #include <aws/common/command_line_parser.h>
11
+ #include <aws/common/encoding.h>
12
+ #include <aws/common/file.h>
13
+ #include <aws/common/string.h>
14
+
15
+ #include <inttypes.h>
16
+
17
+ struct run_corpus_ctx {
18
+ struct aws_allocator *allocator;
19
+ const char *root_path;
20
+ };
21
+
22
+ static struct aws_cli_option s_long_options[] = {
23
+ {"corpus-path", AWS_CLI_OPTIONS_REQUIRED_ARGUMENT, NULL, 'o'},
24
+ {"help", AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 'h'},
25
+ /* Per getopt(3) the last element of the array has to be filled with all zeros */
26
+ {NULL, AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 0},
27
+ };
28
+
29
+ static void s_usage(int exit_code) {
30
+
31
+ fprintf(stderr, "usage: run_x_platform_fuzz_corpus [options]\n");
32
+ fprintf(stderr, "\n Options:\n\n");
33
+ fprintf(
34
+ stderr,
35
+ " --corpus-path DIRECTORY: path to scan for corpus files default is the current working directory.\n");
36
+ fprintf(stderr, " -h, --help\n");
37
+ fprintf(stderr, " Display this message and quit.\n");
38
+ exit(exit_code);
39
+ }
40
+
41
+ static void s_parse_options(int argc, char **argv, struct run_corpus_ctx *ctx) {
42
+ while (true) {
43
+ int option_index = 0;
44
+ int c = aws_cli_getopt_long(argc, argv, "o:h", s_long_options, &option_index);
45
+ if (c == -1) {
46
+ break;
47
+ }
48
+
49
+ switch (c) {
50
+ case 0:
51
+ /* getopt_long() returns 0 if an option.flag is non-null */
52
+ break;
53
+ case 'o':
54
+ ctx->root_path = aws_cli_optarg;
55
+ break;
56
+ case 'h':
57
+ s_usage(0);
58
+ break;
59
+ default:
60
+ fprintf(stderr, "Unknown option\n");
61
+ s_usage(1);
62
+ }
63
+ }
64
+ }
65
+
66
+ /**
67
+ * Attempts to load a corpus directory. If it's successful, it loads each platform's ECDSA corpus, and makes sure
68
+ * it can actually verify the signatures in it provided the same key and message to sign are used as those used
69
+ * to produce the signature.
70
+ */
71
+ int main(int argc, char *argv[]) {
72
+ struct aws_allocator *allocator = aws_default_allocator();
73
+ aws_cal_library_init(allocator);
74
+
75
+ struct run_corpus_ctx ctx = {
76
+ .allocator = allocator,
77
+ };
78
+
79
+ s_parse_options(argc, argv, &ctx);
80
+
81
+ uint8_t x[] = {
82
+ 0x1c, 0xcb, 0xe9, 0x1c, 0x07, 0x5f, 0xc7, 0xf4, 0xf0, 0x33, 0xbf, 0xa2, 0x48, 0xdb, 0x8f, 0xcc,
83
+ 0xd3, 0x56, 0x5d, 0xe9, 0x4b, 0xbf, 0xb1, 0x2f, 0x3c, 0x59, 0xff, 0x46, 0xc2, 0x71, 0xbf, 0x83,
84
+ };
85
+
86
+ uint8_t y[] = {
87
+ 0xce, 0x40, 0x14, 0xc6, 0x88, 0x11, 0xf9, 0xa2, 0x1a, 0x1f, 0xdb, 0x2c, 0x0e, 0x61, 0x13, 0xe0,
88
+ 0x6d, 0xb7, 0xca, 0x93, 0xb7, 0x40, 0x4e, 0x78, 0xdc, 0x7c, 0xcd, 0x5c, 0xa8, 0x9a, 0x4c, 0xa9,
89
+ };
90
+
91
+ struct aws_byte_cursor pub_x = aws_byte_cursor_from_array(x, sizeof(x));
92
+ struct aws_byte_cursor pub_y = aws_byte_cursor_from_array(y, sizeof(y));
93
+
94
+ struct aws_ecc_key_pair *verifying_key =
95
+ aws_ecc_key_pair_new_from_public_key(allocator, AWS_CAL_ECDSA_P256, &pub_x, &pub_y);
96
+
97
+ struct aws_byte_buf scan_path;
98
+ aws_byte_buf_init(&scan_path, allocator, 1024);
99
+
100
+ if (ctx.root_path) {
101
+ struct aws_byte_cursor root_path = aws_byte_cursor_from_c_str(ctx.root_path);
102
+ aws_byte_buf_append_dynamic(&scan_path, &root_path);
103
+
104
+ /* if (root_path.ptr[root_path.len - 1] != AWS_PATH_DELIM) {
105
+ aws_byte_buf_append_byte_dynamic(&scan_path, (uint8_t)AWS_PATH_DELIM);
106
+ }*/
107
+ }
108
+
109
+ struct aws_string *scan_path_str = aws_string_new_from_buf(allocator, &scan_path);
110
+ struct aws_directory_iterator *dir_iter = aws_directory_entry_iterator_new(allocator, scan_path_str);
111
+
112
+ if (!dir_iter) {
113
+ fprintf(stderr, "Unable to load fuzz corpus from %s\n", aws_string_c_str(scan_path_str));
114
+ exit(-1);
115
+ }
116
+
117
+ struct aws_byte_cursor corpus_file_name = aws_byte_cursor_from_c_str("p256_sig_corpus.txt");
118
+ size_t corpus_runs = 0;
119
+ const struct aws_directory_entry *entry = aws_directory_entry_iterator_get_value(dir_iter);
120
+ while (entry) {
121
+ struct aws_string *corpus_file = NULL;
122
+
123
+ if (entry->file_type & AWS_FILE_TYPE_DIRECTORY) {
124
+ struct aws_string *potential_corpus_path = aws_string_new_from_cursor(allocator, &entry->path);
125
+ struct aws_directory_iterator *potential_corpus_dir =
126
+ aws_directory_entry_iterator_new(allocator, potential_corpus_path);
127
+
128
+ if (potential_corpus_dir) {
129
+ const struct aws_directory_entry *corpus_file_candidate =
130
+ aws_directory_entry_iterator_get_value(potential_corpus_dir);
131
+
132
+ while (corpus_file_candidate) {
133
+ struct aws_byte_cursor find_unused;
134
+ if (aws_byte_cursor_find_exact(
135
+ &corpus_file_candidate->relative_path, &corpus_file_name, &find_unused) == AWS_OP_SUCCESS) {
136
+ corpus_file = aws_string_new_from_cursor(allocator, &corpus_file_candidate->path);
137
+ break;
138
+ }
139
+
140
+ if (aws_directory_entry_iterator_next(potential_corpus_dir) != AWS_OP_SUCCESS) {
141
+ break;
142
+ }
143
+
144
+ corpus_file_candidate = aws_directory_entry_iterator_get_value(potential_corpus_dir);
145
+ }
146
+
147
+ aws_directory_entry_iterator_destroy(potential_corpus_dir);
148
+ }
149
+ }
150
+
151
+ if (corpus_file) {
152
+ corpus_runs++;
153
+ fprintf(stdout, "Running corpus file found at %s:\n\n", aws_string_c_str(corpus_file));
154
+ struct aws_string *mode = aws_string_new_from_c_str(allocator, "r");
155
+ FILE *corpus_input_file = aws_fopen_safe(corpus_file, mode);
156
+
157
+ if (!corpus_input_file) {
158
+ fprintf(stderr, "Unable to open file at %s\n", aws_string_c_str(corpus_file));
159
+ exit(-1);
160
+ }
161
+
162
+ struct aws_byte_buf hex_decoded_buf;
163
+ aws_byte_buf_init(&hex_decoded_buf, allocator, 1024);
164
+
165
+ struct aws_byte_cursor to_append = aws_byte_cursor_from_c_str("a");
166
+ struct aws_byte_buf signed_value;
167
+ aws_byte_buf_init(&signed_value, allocator, AWS_SHA256_LEN);
168
+
169
+ struct aws_byte_buf to_hash;
170
+ aws_byte_buf_init(&to_hash, allocator, 1024);
171
+
172
+ char line_buf[1024];
173
+ AWS_ZERO_ARRAY(line_buf);
174
+ size_t signatures_processed = 0;
175
+ size_t signatures_failed = 0;
176
+
177
+ while (fgets(line_buf, 1024, corpus_input_file)) {
178
+
179
+ /* -1 to strip off the newline delimiter */
180
+ struct aws_byte_cursor line_cur = aws_byte_cursor_from_c_str(line_buf);
181
+ line_cur.len -= 1;
182
+
183
+ if (aws_hex_decode(&line_cur, &hex_decoded_buf) != AWS_OP_SUCCESS) {
184
+ fprintf(
185
+ stderr,
186
+ "Invalid line in file detected. Could not hex decode.\n Line is " PRInSTR "\n",
187
+ AWS_BYTE_CURSOR_PRI(line_cur));
188
+ exit(-1);
189
+ }
190
+
191
+ struct aws_byte_cursor to_hash_cur = aws_byte_cursor_from_buf(&to_hash);
192
+ aws_sha256_compute(allocator, &to_hash_cur, &signed_value, 0);
193
+
194
+ struct aws_byte_cursor signed_value_cur = aws_byte_cursor_from_buf(&signed_value);
195
+ struct aws_byte_cursor signature_cur = aws_byte_cursor_from_buf(&hex_decoded_buf);
196
+
197
+ if (aws_ecc_key_pair_verify_signature(verifying_key, &signed_value_cur, &signature_cur)) {
198
+ struct aws_byte_buf hex_encoded_sha;
199
+ aws_byte_buf_init(&hex_encoded_sha, allocator, 1024);
200
+
201
+ aws_hex_encode(&signed_value_cur, &hex_encoded_sha);
202
+ struct aws_byte_cursor failed_sha = aws_byte_cursor_from_buf(&hex_encoded_sha);
203
+
204
+ fprintf(
205
+ stderr,
206
+ "Failed to validate signature\n signature: " PRInSTR "\n message_signed: " PRInSTR "\n\n",
207
+ AWS_BYTE_CURSOR_PRI(line_cur),
208
+ AWS_BYTE_CURSOR_PRI(failed_sha));
209
+ signatures_failed++;
210
+ aws_byte_buf_clean_up(&hex_encoded_sha);
211
+ }
212
+
213
+ aws_byte_buf_reset(&hex_decoded_buf, true);
214
+ aws_byte_buf_reset(&signed_value, true);
215
+
216
+ aws_byte_buf_append_dynamic(&to_hash, &to_append);
217
+ AWS_ZERO_ARRAY(line_buf);
218
+ signatures_processed++;
219
+ }
220
+ fprintf(
221
+ stdout,
222
+ "Corpus verification complete with %d failures out of %d signatures processed\n\n",
223
+ (int)signatures_failed,
224
+ (int)signatures_processed);
225
+
226
+ aws_byte_buf_clean_up(&hex_decoded_buf);
227
+ fclose(corpus_input_file);
228
+ aws_string_destroy(mode);
229
+ }
230
+
231
+ if (aws_directory_entry_iterator_next(dir_iter)) {
232
+ break;
233
+ }
234
+
235
+ entry = aws_directory_entry_iterator_get_value(dir_iter);
236
+ }
237
+ aws_directory_entry_iterator_destroy(dir_iter);
238
+ aws_string_destroy(scan_path_str);
239
+
240
+ aws_ecc_key_pair_release(verifying_key);
241
+
242
+ aws_cal_library_clean_up();
243
+ return 0;
244
+ }