Source file src/github.com/sigstore/rekor/pkg/pki/fuzz_test.go

Documentation: github.com/sigstore/rekor/pkg/pki

     1  //
     2  // Copyright 2022 The Sigstore Authors.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  
    16  package pki
    17  
    18  import (
    19  	"bytes"
    20  	"io"
    21  	"testing"
    22  
    23  	"github.com/sigstore/rekor/pkg/pki/minisign"
    24  	"github.com/sigstore/rekor/pkg/pki/pgp"
    25  	"github.com/sigstore/rekor/pkg/pki/pkcs7"
    26  	"github.com/sigstore/rekor/pkg/pki/ssh"
    27  	"github.com/sigstore/rekor/pkg/pki/tuf"
    28  	"github.com/sigstore/rekor/pkg/pki/x509"
    29  )
    30  
    31  var (
    32  	fuzzArtifactFactoryMap = map[uint]pkiImpl{
    33  		0: {
    34  			newPubKey: func(r io.Reader) (PublicKey, error) {
    35  				return pgp.NewPublicKey(r)
    36  			},
    37  			newSignature: func(r io.Reader) (Signature, error) {
    38  				return pgp.NewSignature(r)
    39  			},
    40  		},
    41  		1: {
    42  			newPubKey: func(r io.Reader) (PublicKey, error) {
    43  				return minisign.NewPublicKey(r)
    44  			},
    45  			newSignature: func(r io.Reader) (Signature, error) {
    46  				return minisign.NewSignature(r)
    47  			},
    48  		},
    49  		2: {
    50  			newPubKey: func(r io.Reader) (PublicKey, error) {
    51  				return ssh.NewPublicKey(r)
    52  			},
    53  			newSignature: func(r io.Reader) (Signature, error) {
    54  				return ssh.NewSignature(r)
    55  			},
    56  		},
    57  		3: {
    58  			newPubKey: func(r io.Reader) (PublicKey, error) {
    59  				return x509.NewPublicKey(r)
    60  			},
    61  			newSignature: func(r io.Reader) (Signature, error) {
    62  				return x509.NewSignature(r)
    63  			},
    64  		},
    65  		4: {
    66  			newPubKey: func(r io.Reader) (PublicKey, error) {
    67  				return pkcs7.NewPublicKey(r)
    68  			},
    69  			newSignature: func(r io.Reader) (Signature, error) {
    70  				return pkcs7.NewSignature(r)
    71  			},
    72  		},
    73  		5: {
    74  			newPubKey: func(r io.Reader) (PublicKey, error) {
    75  				return tuf.NewPublicKey(r)
    76  			},
    77  			newSignature: func(r io.Reader) (Signature, error) {
    78  				return tuf.NewSignature(r)
    79  			},
    80  		},
    81  	}
    82  )
    83  
    84  func FuzzKeys(f *testing.F) {
    85  	f.Fuzz(func(t *testing.T, keyType uint, origSignatureData, verSignatureData, keyData []byte) {
    86  		s, err := fuzzArtifactFactoryMap[keyType%6].newSignature(bytes.NewReader(origSignatureData))
    87  		if err == nil && s != nil {
    88  			b, err := s.CanonicalValue()
    89  			if err == nil {
    90  				_, err = fuzzArtifactFactoryMap[keyType%6].newSignature(bytes.NewReader(b))
    91  				if err != nil {
    92  					t.Fatal("Could not create a signature from valid key data")
    93  				}
    94  			}
    95  			pub, err := fuzzArtifactFactoryMap[keyType%6].newPubKey(bytes.NewReader(keyData))
    96  			if err != nil {
    97  				t.Skip()
    98  			}
    99  			s.Verify(bytes.NewReader(verSignatureData), pub)
   100  		}
   101  	})
   102  }
   103  

View as plain text