// // Copyright 2022 The Sigstore Authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package pki import ( "bytes" "io" "testing" "github.com/sigstore/rekor/pkg/pki/minisign" "github.com/sigstore/rekor/pkg/pki/pgp" "github.com/sigstore/rekor/pkg/pki/pkcs7" "github.com/sigstore/rekor/pkg/pki/ssh" "github.com/sigstore/rekor/pkg/pki/tuf" "github.com/sigstore/rekor/pkg/pki/x509" ) var ( fuzzArtifactFactoryMap = map[uint]pkiImpl{ 0: { newPubKey: func(r io.Reader) (PublicKey, error) { return pgp.NewPublicKey(r) }, newSignature: func(r io.Reader) (Signature, error) { return pgp.NewSignature(r) }, }, 1: { newPubKey: func(r io.Reader) (PublicKey, error) { return minisign.NewPublicKey(r) }, newSignature: func(r io.Reader) (Signature, error) { return minisign.NewSignature(r) }, }, 2: { newPubKey: func(r io.Reader) (PublicKey, error) { return ssh.NewPublicKey(r) }, newSignature: func(r io.Reader) (Signature, error) { return ssh.NewSignature(r) }, }, 3: { newPubKey: func(r io.Reader) (PublicKey, error) { return x509.NewPublicKey(r) }, newSignature: func(r io.Reader) (Signature, error) { return x509.NewSignature(r) }, }, 4: { newPubKey: func(r io.Reader) (PublicKey, error) { return pkcs7.NewPublicKey(r) }, newSignature: func(r io.Reader) (Signature, error) { return pkcs7.NewSignature(r) }, }, 5: { newPubKey: func(r io.Reader) (PublicKey, error) { return tuf.NewPublicKey(r) }, newSignature: func(r io.Reader) (Signature, error) { return tuf.NewSignature(r) }, }, } ) func FuzzKeys(f *testing.F) { f.Fuzz(func(t *testing.T, keyType uint, origSignatureData, verSignatureData, keyData []byte) { s, err := fuzzArtifactFactoryMap[keyType%6].newSignature(bytes.NewReader(origSignatureData)) if err == nil && s != nil { b, err := s.CanonicalValue() if err == nil { _, err = fuzzArtifactFactoryMap[keyType%6].newSignature(bytes.NewReader(b)) if err != nil { t.Fatal("Could not create a signature from valid key data") } } pub, err := fuzzArtifactFactoryMap[keyType%6].newPubKey(bytes.NewReader(keyData)) if err != nil { t.Skip() } s.Verify(bytes.NewReader(verSignatureData), pub) } }) }