Add basic fuzzing for decryption and signature validation (#86)

* Add basic fuzzing for decryption and signature validation

* Remove unused import in fuzz_signature_validation

* Add valid token to fuzz corpus

fuzz/.gitignore

@@ -0,0 +1,7 @@
+target
+corpus/**/*
+!corpus/fuzz_decryption/
+!corpus/fuzz_decryption/valid_token
+!corpus/fuzz_signature_validation/
+!corpus/fuzz_signature_validation/valid_token
+artifacts

fuzz/Cargo.toml

@@ -0,0 +1,27 @@
+[package]
+name = "biscuit-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+serde_json = "1.0"
+[dependencies.biscuit]
+path = ".."
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_signature_validation"
+path = "fuzz_targets/fuzz_signature_validation.rs"
+
+[[bin]]
+name = "fuzz_decryption"
+path = "fuzz_targets/fuzz_decryption.rs"

fuzz/README.md

@@ -0,0 +1,11 @@
+# fuzz
+
+## Running the fuzz tests
+
+The fuzz tests can be run using `cargo fuzz` in nightly.
+
+```
+cargo install cargo-fuzz -f
+cargo fuzz list
+cargo +nightly fuzz run fuzz_parser
+```

fuzz/corpus/fuzz_decryption/valid_token

@@ -0,0 +1 @@
+eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3d3dy5hY21lLmNvbS8iLCJzdWIiOiJKb2huIERvZSIsImF1ZCI6Imh0dHM6Ly9hY21lLWN1c3RvbWVyLmNvbS8iLCJuYmYiOjEyMzQsImNvbXBhbnkiOiJBQ01FIiwiZGVwYXJ0bWVudCI6IlRvaWxldCBDbGVhbmluZyJ9.dnx1OmRZSFxjCD1ivy4lveTT-sxay5Fq6vY6jnJvqeI

fuzz/corpus/fuzz_signature_validation/valid_token

@@ -0,0 +1 @@
+eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3d3dy5hY21lLmNvbS8iLCJzdWIiOiJKb2huIERvZSIsImF1ZCI6Imh0dHM6Ly9hY21lLWN1c3RvbWVyLmNvbS8iLCJuYmYiOjEyMzQsImNvbXBhbnkiOiJBQ01FIiwiZGVwYXJ0bWVudCI6IlRvaWxldCBDbGVhbmluZyJ9.dnx1OmRZSFxjCD1ivy4lveTT-sxay5Fq6vY6jnJvqeI

fuzz/fuzz_targets/fuzz_decryption.rs

@@ -0,0 +1,27 @@
+#![no_main]
+#[macro_use]
+extern crate libfuzzer_sys;
+extern crate biscuit;
+extern crate serde_json;
+
+use biscuit::{Empty, JWE};
+use biscuit::jwk::JWK;
+use biscuit::jwa::{KeyManagementAlgorithm, ContentEncryptionAlgorithm};
+
+fuzz_target!(|data: &[u8]| {
+    let key: JWK<Empty> = JWK::new_octect_key(&vec![0; 256 / 8], Default::default());
+
+    let token = std::str::from_utf8(data);
+    if token.is_err() {
+        return;
+    }
+    let token = token.unwrap();
+
+    let token: JWE<serde_json::Value, biscuit::Empty, biscuit::Empty> = JWE::new_encrypted(&token);
+
+    let _ = token.into_decrypted(
+        &key,
+        KeyManagementAlgorithm::A256GCMKW,
+        ContentEncryptionAlgorithm::A256GCM,
+    );
+});

fuzz/fuzz_targets/fuzz_signature_validation.rs

@@ -0,0 +1,22 @@
+#![no_main]
+#[macro_use]
+extern crate libfuzzer_sys;
+extern crate biscuit;
+extern crate serde_json;
+
+use biscuit::*;
+use biscuit::jws::*;
+use biscuit::jwa::*;
+
+fuzz_target!(|data: &[u8]| {
+    let signing_secret = Secret::Bytes("secret".to_string().into_bytes());
+
+    let expected_token = std::str::from_utf8(data);
+    if expected_token.is_err() {
+        return;
+    }
+    let expected_token = expected_token.unwrap();
+
+    let token = JWT::<serde_json::Value, biscuit::Empty>::new_encoded(&expected_token);
+    let _ = token.into_decoded(&signing_secret, SignatureAlgorithm::HS256);
+});