From: Marco Elver <elver@google.com>
To: Ethan Graham <ethan.w.s.graham@gmail.com>
Cc: ethangraham@google.com, glider@google.com, andreyknvl@gmail.com,
brendan.higgins@linux.dev, davidgow@google.com,
dvyukov@google.com, jannh@google.com, rmoar@google.com,
shuah@kernel.org, tarasmadan@google.com,
kasan-dev@googlegroups.com, kunit-dev@googlegroups.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
David Howells <dhowells@redhat.com>,
Lukas Wunner <lukas@wunner.de>,
Ignat Korchagin <ignat@cloudflare.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>
Subject: Re: [PATCH v1 RFC 6/6] crypto: implement KFuzzTest targets for PKCS7 and RSA parsing
Date: Wed, 13 Aug 2025 20:13:51 +0200 [thread overview]
Message-ID: <CANpmjNMXnXf879XZc-skhbv17sjppwzr0VGYPrrWokCejfOT1A@mail.gmail.com> (raw)
In-Reply-To: <20250813133812.926145-7-ethan.w.s.graham@gmail.com>
[+Cc crypto maintainers]
On Wed, 13 Aug 2025 at 15:38, Ethan Graham <ethan.w.s.graham@gmail.com> wrote:
>
> From: Ethan Graham <ethangraham@google.com>
Should also Cc crypto maintainers, as they'll be the ones giving
feedback on how interesting this is to them. Use
./scripts/get_maintainer.pl for that in the next round, and either add
the Cc list below your Signed-off-by so that git send-email picks it
up only for this patch, or just for the whole series (normally
preferred, so maintainers get context of the full series).
> Add KFuzzTest targets for pkcs7_parse_message, rsa_parse_pub_key, and
> rsa_parse_priv_key to serve as real-world examples of how the framework is used.
>
> These functions are ideal candidates for KFuzzTest as they perform complex
> parsing of user-controlled data but are not directly exposed at the syscall
> boundary. This makes them difficult to exercise with traditional fuzzing tools
> and showcases the primary strength of the KFuzzTest framework: providing an
> interface to fuzz internal, non-exported kernel functions.
>
> The targets are defined directly within the source files of the functions they
> test, demonstrating how to colocate fuzz tests with the code under test.
>
> Signed-off-by: Ethan Graham <ethangraham@google.com>
> ---
> crypto/asymmetric_keys/pkcs7_parser.c | 15 ++++++++++++++
> crypto/rsa_helper.c | 29 +++++++++++++++++++++++++++
> 2 files changed, 44 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 423d13c47545..e8477f8b0eaf 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -13,6 +13,7 @@
> #include <linux/err.h>
> #include <linux/oid_registry.h>
> #include <crypto/public_key.h>
> +#include <linux/kfuzztest.h>
> #include "pkcs7_parser.h"
> #include "pkcs7.asn1.h"
>
> @@ -169,6 +170,20 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
> }
> EXPORT_SYMBOL_GPL(pkcs7_parse_message);
>
> +struct pkcs7_parse_message_arg {
> + const void *data;
> + size_t datalen;
> +};
> +
> +FUZZ_TEST(test_pkcs7_parse_message, struct pkcs7_parse_message_arg)
> +{
> + KFUZZTEST_EXPECT_NOT_NULL(pkcs7_parse_message_arg, data);
> + KFUZZTEST_ANNOTATE_LEN(pkcs7_parse_message_arg, datalen, data);
> + KFUZZTEST_EXPECT_LE(pkcs7_parse_message_arg, datalen, 16 * PAGE_SIZE);
> +
> + pkcs7_parse_message(arg->data, arg->datalen);
> +}
> +
> /**
> * pkcs7_get_content_data - Get access to the PKCS#7 content
> * @pkcs7: The preparsed PKCS#7 message to access
> diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
> index 94266f29049c..79b7ddc7c48d 100644
> --- a/crypto/rsa_helper.c
> +++ b/crypto/rsa_helper.c
> @@ -9,6 +9,7 @@
> #include <linux/export.h>
> #include <linux/err.h>
> #include <linux/fips.h>
> +#include <linux/kfuzztest.h>
> #include <crypto/internal/rsa.h>
> #include "rsapubkey.asn1.h"
> #include "rsaprivkey.asn1.h"
> @@ -166,6 +167,20 @@ int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
> }
> EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
>
> +struct rsa_parse_pub_key_arg {
> + const void *key;
> + size_t key_len;
> +};
> +
> +FUZZ_TEST(test_rsa_parse_pub_key, struct rsa_parse_pub_key_arg)
> +{
> + KFUZZTEST_EXPECT_NOT_NULL(rsa_parse_pub_key_arg, key);
> + KFUZZTEST_EXPECT_LE(rsa_parse_pub_key_arg, key_len, 16 * PAGE_SIZE);
> +
> + struct rsa_key out;
> + rsa_parse_pub_key(&out, arg->key, arg->key_len);
> +}
> +
> /**
> * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
> * provided struct rsa_key, pointers to the raw key
> @@ -184,3 +199,17 @@ int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
> return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
> }
> EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
> +
> +struct rsa_parse_priv_key_arg {
> + const void *key;
> + size_t key_len;
> +};
> +
> +FUZZ_TEST(test_rsa_parse_priv_key, struct rsa_parse_priv_key_arg)
> +{
> + KFUZZTEST_EXPECT_NOT_NULL(rsa_parse_priv_key_arg, key);
> + KFUZZTEST_EXPECT_LE(rsa_parse_priv_key_arg, key_len, 16 * PAGE_SIZE);
> +
> + struct rsa_key out;
> + rsa_parse_priv_key(&out, arg->key, arg->key_len);
> +}
> --
> 2.51.0.rc0.205.g4a044479a3-goog
>
next prev parent reply other threads:[~2025-08-13 18:14 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-13 13:38 [PATCH v1 RFC 0/6] kfuzztest: a new kernel fuzzing framework Ethan Graham
2025-08-13 13:38 ` [PATCH v1 RFC 1/6] mm/kasan: implement kasan_poison_range Ethan Graham
2025-08-13 13:38 ` [PATCH v1 RFC 2/6] kfuzztest: add user-facing API and data structures Ethan Graham
2025-08-13 13:38 ` [PATCH v1 RFC 3/6] kfuzztest: implement core module and input processing Ethan Graham
2025-08-22 8:57 ` David Gow
2025-08-13 13:38 ` [PATCH v1 RFC 4/6] kfuzztest: add ReST documentation Ethan Graham
2025-08-13 13:38 ` [PATCH v1 RFC 5/6] kfuzztest: add KFuzzTest sample fuzz targets Ethan Graham
2025-08-13 13:38 ` [PATCH v1 RFC 6/6] crypto: implement KFuzzTest targets for PKCS7 and RSA parsing Ethan Graham
2025-08-13 18:13 ` Marco Elver [this message]
2025-08-14 15:28 ` Ignat Korchagin
2025-08-15 1:17 ` Eric Biggers
2025-08-15 13:00 ` Ignat Korchagin
2025-08-19 10:08 ` Marco Elver
2025-08-19 11:41 ` Ignat Korchagin
2025-08-22 8:15 ` Ethan Graham
2025-08-22 8:57 ` David Gow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANpmjNMXnXf879XZc-skhbv17sjppwzr0VGYPrrWokCejfOT1A@mail.gmail.com \
--to=elver@google.com \
--cc=andreyknvl@gmail.com \
--cc=brendan.higgins@linux.dev \
--cc=davem@davemloft.net \
--cc=davidgow@google.com \
--cc=dhowells@redhat.com \
--cc=dvyukov@google.com \
--cc=ethan.w.s.graham@gmail.com \
--cc=ethangraham@google.com \
--cc=glider@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=jannh@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kunit-dev@googlegroups.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lukas@wunner.de \
--cc=rmoar@google.com \
--cc=shuah@kernel.org \
--cc=tarasmadan@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox