From: Ethan Graham <ethan.w.s.graham@gmail.com>
To: ethangraham@google.com, glider@google.com
Cc: andreyknvl@gmail.com, brendan.higgins@linux.dev,
	davidgow@google.com, dvyukov@google.com, jannh@google.com,
	elver@google.com, rmoar@google.com, shuah@kernel.org,
	tarasmadan@google.com, kasan-dev@googlegroups.com,
	kunit-dev@googlegroups.com, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, dhowells@redhat.com, lukas@wunner.de,
	ignat@cloudflare.com, herbert@gondor.apana.org.au,
	davem@davemloft.net, linux-crypto@vger.kernel.org
Subject: [PATCH v2 RFC 7/7] crypto: implement KFuzzTest targets for PKCS7 and RSA parsing
Date: Mon,  1 Sep 2025 16:42:12 +0000	[thread overview]
Message-ID: <20250901164212.460229-8-ethan.w.s.graham@gmail.com> (raw)
In-Reply-To: <20250901164212.460229-1-ethan.w.s.graham@gmail.com>

From: Ethan Graham <ethangraham@google.com>

Add KFuzzTest targets for pkcs7_parse_message, rsa_parse_pub_key, and
rsa_parse_priv_key to serve as real-world examples of how the framework is used.

These functions are ideal candidates for KFuzzTest as they perform complex
parsing of user-controlled data but are not directly exposed at the syscall
boundary. This makes them difficult to exercise with traditional fuzzing tools
and showcases the primary strength of the KFuzzTest framework: providing an
interface to fuzz internal functions.

The targets are defined within /lib/tests, alongside existing KUnit
tests.

Signed-off-by: Ethan Graham <ethangraham@google.com>

---
v2:
- Move KFuzzTest targets outside of the source files into dedicated
  _kfuzz.c files under /crypto/asymmetric_keys/tests/ as suggested by
  Ignat Korchagin and Eric Biggers.
---
---
 crypto/asymmetric_keys/Kconfig                | 15 ++++++++
 crypto/asymmetric_keys/Makefile               |  2 +
 crypto/asymmetric_keys/tests/Makefile         |  2 +
 crypto/asymmetric_keys/tests/pkcs7_kfuzz.c    | 22 +++++++++++
 .../asymmetric_keys/tests/rsa_helper_kfuzz.c  | 38 +++++++++++++++++++
 5 files changed, 79 insertions(+)
 create mode 100644 crypto/asymmetric_keys/tests/Makefile
 create mode 100644 crypto/asymmetric_keys/tests/pkcs7_kfuzz.c
 create mode 100644 crypto/asymmetric_keys/tests/rsa_helper_kfuzz.c

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index e1345b8f39f1..7a4c5eb18624 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -104,3 +104,18 @@ config FIPS_SIGNATURE_SELFTEST_ECDSA
 	depends on CRYPTO_ECDSA=y || CRYPTO_ECDSA=FIPS_SIGNATURE_SELFTEST
 
 endif # ASYMMETRIC_KEY_TYPE
+
+config PKCS7_MESSAGE_PARSER_KFUZZ
+	bool "Build fuzz target for PKCS#7 parser"
+	depends on KFUZZTEST
+	depends on PKCS7_MESSAGE_PARSER
+	default y
+	help
+	  Builds the KFuzzTest targets for PKCS#7.
+
+config RSA_HELPER_KFUZZ
+	bool "Build fuzz targets for RSA helpers"
+	depends on KFUZZTEST
+	default y
+	help
+	  Builds the KFuzzTest targets for RSA helper functions.
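Review bot: RSA_HELPER_KFUZZ, the last entry in this hunk, depends only on KFUZZTEST, yet the object it enables calls rsa_parse_pub_key() and rsa_parse_priv_key(). If those helpers are only built when CRYPTO_RSA is enabled (as I believe they are, via rsa_helper.o), a config with KFUZZTEST=y and CRYPTO_RSA unset or =m would fail at link time; adding `depends on CRYPTO_RSA=y` would close that. PKCS7_MESSAGE_PARSER_KFUZZ has the same problem in a milder form: a bool symbol can still be set to y while the tristate PKCS7_MESSAGE_PARSER is m, so `depends on PKCS7_MESSAGE_PARSER=y` is the safer spelling. Since both symbols are `default y`, the help texts could also state that these targets are meant for fuzzing builds and should not be enabled in production kernels.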
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index bc65d3b98dcb..77b825aee6b2 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -67,6 +67,8 @@ obj-$(CONFIG_PKCS7_TEST_KEY) += pkcs7_test_key.o
 pkcs7_test_key-y := \
 	pkcs7_key_type.o
 
+obj-y += tests/
+
 #
 # Signed PE binary-wrapped key handling
 #
diff --git a/crypto/asymmetric_keys/tests/Makefile b/crypto/asymmetric_keys/tests/Makefile
new file mode 100644
index 000000000000..42a779c9042a
--- /dev/null
+++ b/crypto/asymmetric_keys/tests/Makefile
@@ -0,0 +1,2 @@
+obj-$(CONFIG_PKCS7_MESSAGE_PARSER_KFUZZ) += pkcs7_kfuzz.o
+obj-$(CONFIG_RSA_HELPER_KFUZZ) += rsa_helper_kfuzz.o
diff --git a/crypto/asymmetric_keys/tests/pkcs7_kfuzz.c b/crypto/asymmetric_keys/tests/pkcs7_kfuzz.c
new file mode 100644
index 000000000000..84d0b0d8d0eb
--- /dev/null
+++ b/crypto/asymmetric_keys/tests/pkcs7_kfuzz.c
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * PKCS#7 parser KFuzzTest target
+ *
+ * Copyright 2025 Google LLC
+ */
+#include <crypto/pkcs7.h>
+#include <linux/kfuzztest.h>
+
+struct pkcs7_parse_message_arg {
+	const void *data;
+	size_t datalen;
+};
+
+FUZZ_TEST(test_pkcs7_parse_message, struct pkcs7_parse_message_arg)
+{
+	KFUZZTEST_EXPECT_NOT_NULL(pkcs7_parse_message_arg, data);
+	KFUZZTEST_ANNOTATE_LEN(pkcs7_parse_message_arg, datalen, data);
+	KFUZZTEST_EXPECT_LE(pkcs7_parse_message_arg, datalen, 16 * PAGE_SIZE);
+
+	pkcs7_parse_message(arg->data, arg->datalen);
+}
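Review bot: The result of pkcs7_parse_message() is dropped on the last line of test_pkcs7_parse_message. On success that function returns a newly allocated struct pkcs7_message which the caller has to release, so every input that parses cleanly leaks memory, and a long fuzzing run will bury real findings under kmemleak noise or run the machine out of memory. Keep the pointer and free it: `struct pkcs7_message *msg = pkcs7_parse_message(arg->data, arg->datalen);` followed by `if (!IS_ERR(msg)) pkcs7_free_message(msg);`. IS_ERR() needs `<linux/err.h>` unless it already arrives through the two headers included here.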
diff --git a/crypto/asymmetric_keys/tests/rsa_helper_kfuzz.c b/crypto/asymmetric_keys/tests/rsa_helper_kfuzz.c
new file mode 100644
index 000000000000..5877e54cb75a
--- /dev/null
+++ b/crypto/asymmetric_keys/tests/rsa_helper_kfuzz.c
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * RSA key extract helper KFuzzTest targets
+ *
+ * Copyright 2025 Google LLC
+ */
+#include <linux/kfuzztest.h>
+#include <crypto/internal/rsa.h>
+
+struct rsa_parse_pub_key_arg {
+	const void *key;
+	size_t key_len;
+};
+
+FUZZ_TEST(test_rsa_parse_pub_key, struct rsa_parse_pub_key_arg)
+{
+	KFUZZTEST_EXPECT_NOT_NULL(rsa_parse_pub_key_arg, key);
+	KFUZZTEST_ANNOTATE_LEN(rsa_parse_pub_key_arg, key_len, key);
+	KFUZZTEST_EXPECT_LE(rsa_parse_pub_key_arg, key_len, 16 * PAGE_SIZE);
+
+	struct rsa_key out;
+	rsa_parse_pub_key(&out, arg->key, arg->key_len);
+}
+
+struct rsa_parse_priv_key_arg {
+	const void *key;
+	size_t key_len;
+};
+
+FUZZ_TEST(test_rsa_parse_priv_key, struct rsa_parse_priv_key_arg)
+{
+	KFUZZTEST_EXPECT_NOT_NULL(rsa_parse_priv_key_arg, key);
+	KFUZZTEST_ANNOTATE_LEN(rsa_parse_priv_key_arg, key_len, key);
+	KFUZZTEST_EXPECT_LE(rsa_parse_priv_key_arg, key_len, 16 * PAGE_SIZE);
+
+	struct rsa_key out;
+	rsa_parse_priv_key(&out, arg->key, arg->key_len);
+}
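Review bot: The `16 * PAGE_SIZE` cap on key_len is an unexplained magic number, written out in both targets here and a third time for datalen in pkcs7_kfuzz.c. A short comment above the first KFUZZTEST_EXPECT_LE saying why the input is bounded and why 16 pages was chosen, or a single named constant shared by the three targets, would let a later reader judge whether the limit hides parser paths that only larger inputs reach. The two argument structs are also field-for-field identical; if the FUZZ_TEST macro allows it (its definition is in an earlier patch of the series, not visible here), one shared struct would remove the duplication. `struct rsa_key out;` follows the constraint macros in both bodies, which is a declaration after a statement if those macros expand to statements.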
-- 
2.51.0.318.gd7df087d1a-goog


