From 6325217dbe97ba3630c7e5f801e8557cf86123cd Mon Sep 17 00:00:00 2001
From: Robin Krahl
Date: Wed, 26 Jun 2024 16:27:20 +0200
Subject: [PATCH] Extend fuzzing for ctap1 and ctap2 requests

Previously, we only fuzzed the deserialization of PublicKeyCredentialUserEntity. This patch replaces that fuzz target with the deserialization of entire ctap1 and ctap2 requests.
---
 fuzz/Cargo.toml | 21 +++++++++++++++------
 fuzz/fuzz_targets/ctap1.rs | 11 +++++++++++
 fuzz/fuzz_targets/ctap2.rs | 8 ++++++++
 fuzz/fuzz_targets/example.rs | 10 ----------
 4 files changed, 34 insertions(+), 16 deletions(-)
 create mode 100644 fuzz/fuzz_targets/ctap1.rs
 create mode 100644 fuzz/fuzz_targets/ctap2.rs
 delete mode 100644 fuzz/fuzz_targets/example.rs

diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 85063f5..af04744 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -1,16 +1,15 @@
-
 [package]
 name = "ctap-types-fuzz"
 version = "0.0.0"
-authors = ["Automatically generated"]
 publish = false
-edition = "2018"
+edition = "2021"
 
 [package.metadata]
 cargo-fuzz = true
 
 [dependencies]
-libfuzzer-sys = "0.3"
+iso7816 = "0.1.2"
+libfuzzer-sys = "0.4"
 
 [dependencies.ctap-types]
 path = ".."
@@ -20,5 +19,15 @@ path = ".."
 members = ["."]
 
 [[bin]]
-name = "example"
-path = "fuzz_targets/example.rs"
+name = "ctap1"
+path = "fuzz_targets/ctap1.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "ctap2"
+path = "fuzz_targets/ctap2.rs"
+test = false
+doc = false
+bench = false
diff --git a/fuzz/fuzz_targets/ctap1.rs b/fuzz/fuzz_targets/ctap1.rs
new file mode 100644
index 0000000..8bb9fc9
--- /dev/null
+++ b/fuzz/fuzz_targets/ctap1.rs
@@ -0,0 +1,11 @@
+#![no_main]
+
+use ctap_types::ctap1::Request;
+use iso7816::command::Command;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    if let Ok(command) = Command::<7609>::try_from(data) {
+        Request::try_from(&command).ok();
+    }
+});
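Review bot: The const generic in `Command::<7609>::try_from(data)` is an unexplained magic number in the new ctap1 target; a one-line comment stating where the bound comes from would help whoever tunes it later, e.g. `// 7609 is the maximum CTAPHID message payload, so any command a real transport can deliver fits`. Inputs that fail APDU parsing are silently dropped, which is fine for a fuzz target but means `Request::try_from` is only ever reached through well-formed commands, so APDU parsing is fuzzed at least as much as request decoding. A short `//!` header saying that the target exercises iso7816 command parsing followed by CTAP1 request decoding, and that decode errors are expected while only panics and timeouts count as findings, would make that intent explicit for the next maintainer.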
diff --git a/fuzz/fuzz_targets/ctap2.rs b/fuzz/fuzz_targets/ctap2.rs
new file mode 100644
index 0000000..1e8ed78
--- /dev/null
+++ b/fuzz/fuzz_targets/ctap2.rs
@@ -0,0 +1,8 @@
+#![no_main]
+
+use ctap_types::ctap2::Request;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    Request::deserialize(data).ok();
+});
diff --git a/fuzz/fuzz_targets/example.rs b/fuzz/fuzz_targets/example.rs
deleted file mode 100644
index 424ca20..0000000
--- a/fuzz/fuzz_targets/example.rs
+++ /dev/null
@@ -1,10 +0,0 @@
-#![no_main]
-
-use libfuzzer_sys::fuzz_target;
-use ctap_types::serde::cbor_deserialize;
-
-fuzz_target!(|data: &[u8]| {
-    // fuzzed code goes here
-    type T = ctap_types::webauthn::PublicKeyCredentialUserEntity;
-    cbor_deserialize::(&data).ok();
-});
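Review bot: `Request::deserialize(data).ok()` discards the decoded value, so the ctap2 target only detects panics and hangs inside the decoder itself. If ctap-types exposes a matching serializer for `Request`, re-encoding the `Ok` value and checking that the result decodes to an equal request would additionally surface round-trip inconsistencies between the two directions at very little cost; I have not confirmed such an API exists on this page. A `//!` header noting that decode errors are expected and only panics or timeouts are findings would document the target's intent, as for the ctap1 target. The removed example.rs covered `PublicKeyCredentialUserEntity` directly; per the commit message that type is now reached through the ctap2 requests embedding it, which is worth confirming with a coverage run so the replacement does not silently lose that path.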