From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 3/3] security: jwt: add simple fuzzer
Date: Thu, 21 Aug 2025 22:59:42 +0200
Message-ID: <20250821205942.1435683-3-a.fatoum@pengutronix.de>
In-Reply-To: <20250821205942.1435683-1-a.fatoum@pengutronix.de>
The JWT format does only minimal string parsing before verifying the
signature, but let's add a fuzzer for that initial string parsing
anyway.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
images/Makefile.sandbox | 1 +
security/Kconfig | 1 +
security/jwt.c | 17 +++++++++++++++++
3 files changed, 19 insertions(+)
diff --git a/images/Makefile.sandbox b/images/Makefile.sandbox
index b235a1195a7f..d13ffb0124b1 100644
--- a/images/Makefile.sandbox
+++ b/images/Makefile.sandbox
@@ -4,6 +4,7 @@ SYMLINK_TARGET_barebox = sandbox_main.elf
symlink-$(CONFIG_SANDBOX) += barebox
fuzzer-$(CONFIG_FILETYPE) += filetype
+fuzzer-$(CONFIG_JWT) += jwt
fuzzer-$(CONFIG_FITIMAGE) += fit
fuzzer-$(CONFIG_OFTREE) += dtb
fuzzer-$(CONFIG_OFTREE) += fdt-compatible
diff --git a/security/Kconfig b/security/Kconfig
index 372fd275fde9..1902a1f036c4 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -92,6 +92,7 @@ config JWT
select JSMN
select BASE64
select CRYPTO_RSA
+ select TEST_KEY_RSA2048 if FUZZ
menu "OP-TEE loading"
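Review bot: The `select TEST_KEY_RSA2048 if FUZZ` line provides the key only when FUZZ is set, while the reference to `__key_development_rsa2048` added in security/jwt.c has no visible `#ifdef` or `IS_ENABLED()` guard. Unless `fuzz_test_str()` discards `fuzz_jwt()` completely in non-fuzz builds, a configuration with CONFIG_JWT=y and FUZZ=n references a symbol that is not built. Please either guard the function explicitly or note in the commit message that the macro takes care of it. Keeping the select conditional on FUZZ is the right choice, since it keeps the test key out of builds that do not fuzz.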
diff --git a/security/jwt.c b/security/jwt.c
index a6a7d7f788f8..e4be17dcfac0 100644
--- a/security/jwt.c
+++ b/security/jwt.c
@@ -8,6 +8,7 @@
#include <linux/printk.h>
#include <base64.h>
#include <jsmn.h>
+#include <fuzz.h>
#include <linux/ctype.h>
#define JP(...) (const char *[]) { __VA_ARGS__, NULL }
@@ -224,6 +225,22 @@ struct jwt *jwt_decode(const char *token, const struct jwt_key *key)
return ERR_PTR(ret);
}
+static int fuzz_jwt(char *data, size_t size)
+{
+ struct jwt_key jwt_key;
+ struct jwt *jwt;
+ extern const struct rsa_public_key __key_development_rsa2048;
+
+ jwt_key.alg = JWT_ALG_RS256;
+ jwt_key.material.rsa_pub = &__key_development_rsa2048;
+
+ jwt = jwt_decode(data, &jwt_key);
+ if (!IS_ERR(jwt))
+ jwt_free(jwt);
+ return 0;
+}
+fuzz_test_str("jwt", fuzz_jwt);
+
const char *jwt_get_payload(const struct jwt *t)
{
return t->payload.content;
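Review bot: `struct jwt_key jwt_key;` in `fuzz_jwt()` is left uninitialized and only `alg` and `material.rsa_pub` are assigned, so any other member the struct has or later gains reaches `jwt_decode()` as stack garbage, which can make fuzzer findings hard to reproduce. A designated initializer such as `struct jwt_key jwt_key = { .alg = JWT_ALG_RS256, .material.rsa_pub = &__key_development_rsa2048 };` zeroes the rest. The block-scope `extern const struct rsa_public_key __key_development_rsa2048;` would also be better placed in a shared header, so the declaration is type-checked against the definition instead of being repeated at each use site.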
--
2.39.5
Thread overview: 3+ messages
2025-08-21 20:59 [PATCH 1/3] fuzz: add test harness for fuzzing nul-terminated strings Ahmad Fatoum
2025-08-21 20:59 ` [PATCH 2/3] test: self: jwt: add dedicated option for development_rsa2048.pem Ahmad Fatoum
2025-08-21 20:59 ` Ahmad Fatoum [this message]