From 4a451cc92844e804bbc9055f9fff75ce9fa7c0d2 Mon Sep 17 00:00:00 2001
From: Vahagn
Date: Fri, 10 Oct 2025 18:46:10 +0400
Subject: [PATCH 1/2] Add Telegram Desktop fuzzers
This adds fuzzing support for Telegram Desktop's MTProto protocol and encryption implementation. Project repository: https://github.com/telegramdesktop/tdesktop Fuzzer branch: https://github.com/telegramdesktop/tdesktop/tree/ossFuzz/fuzzing Fuzzers included (8 total): MTProto Protocol Stack: - mtproto_v0_fuzzer: Basic MTProto v0 protocol parsing - mtproto_v1_obfuscated_fuzzer: SHA256-based obfuscated handshake - mtproto_vd_padded_fuzzer: Padded protocol with anti-DPI - tl_serialization_fuzzer: Type Language binary serialization - aes_ctr_obfuscation_fuzzer: AES-256-CTR connection obfuscation Private Message Encryption: - aes_ige_encryption_fuzzer: AES-IGE mode used for all messages - message_key_derivation_fuzzer: SHA1/SHA256 key derivation - auth_key_management_fuzzer: 2048-bit authorization key handling Technical details: - Standalone design with zero dependencies on tdesktop codebase - Fast build time (~10 seconds for all 8 fuzzers) - Performance: 17,000 - 326,000 exec/sec depending on fuzzer - Sanitizers: AddressSanitizer, UndefinedBehaviorSanitizer, MemorySanitizer - Total fuzzer code: 2,435 lines All fuzzers have been tested locally with libFuzzer and pass check_build verification.
---
 projects/telegram/Dockerfile | 27 +++++++++++++++++++++++ projects/telegram/build.sh | 40 ++++++++++++++++++++++++++++++++++ projects/telegram/project.yaml | 17 +++++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 projects/telegram/Dockerfile create mode 100644 projects/telegram/build.sh create mode 100644 projects/telegram/project.yaml
diff --git a/projects/telegram/Dockerfile b/projects/telegram/Dockerfile
new file mode 100644
index 000000000000..fa0af279ef5f
--- /dev/null
+++ b/projects/telegram/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+# Clone the repository with fuzzing branch
+RUN git clone --depth 1 --branch ossFuzz https://github.com/telegramdesktop/tdesktop $SRC/tdesktop
+
+# Create fuzzer directory
+RUN mkdir -p $SRC/telegram_fuzzers
+
+# Copy build script and standalone fuzzer sources to fuzzer directory
+COPY build.sh $SRC/
+COPY *.cpp $SRC/telegram_fuzzers/
+
+WORKDIR $SRC/telegram_fuzzers
diff --git a/projects/telegram/build.sh b/projects/telegram/build.sh
new file mode 100644
index 000000000000..24d32452dfd3
--- /dev/null
+++ b/projects/telegram/build.sh
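Review bot: `COPY *.cpp $SRC/telegram_fuzzers/` has nothing to match in this series — the diffstat lists only Dockerfile, build.sh and project.yaml — so the image build stops at that step unless the eight fuzzer sources the commit message describes are committed into projects/telegram alongside these files. The clone into `$SRC/tdesktop` on the preceding RUN line is never referenced by build.sh, which compiles only what lives in `$SRC/telegram_fuzzers`; either drop it or make it the source of the harnesses (the commit message places them under `fuzzing/` on the `ossFuzz` branch, and the second patch's Dockerfile hunk removes `--branch ossFuzz`, so the default branch is what the final Dockerfile fetches). `RUN mkdir -p $SRC/telegram_fuzzers` is redundant, as COPY creates the destination directory itself.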
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build Telegram Protocol Fuzzers
+# These are standalone fuzzers that don't require the full tdesktop build
+
+cd $SRC/telegram_fuzzers
+
+# List of fuzzers to build
+FUZZERS=(
+ "mtproto_v0_fuzzer"
+ "mtproto_v1_obfuscated_fuzzer"
+ "mtproto_vd_padded_fuzzer"
+ "tl_serialization_fuzzer"
+ "aes_ctr_obfuscation_fuzzer"
+ "aes_ige_encryption_fuzzer"
+ "message_key_derivation_fuzzer"
+ "auth_key_management_fuzzer"
+)
+
+# Build each fuzzer
+for fuzzer in "${FUZZERS[@]}"; do
+ echo "Building $fuzzer..."
+ $CXX $CXXFLAGS -std=c++20 -c "${fuzzer}.cpp" -o "${fuzzer}.o"
+ $CXX $CXXFLAGS $LIB_FUZZING_ENGINE "${fuzzer}.o" -o "$OUT/${fuzzer}"
+done
+
+echo "All fuzzers built successfully!"
diff --git a/projects/telegram/project.yaml b/projects/telegram/project.yaml
new file mode 100644
index 000000000000..cd324f668374
--- /dev/null
+++ b/projects/telegram/project.yaml
@@ -0,0 +1,17 @@
+homepage: "https://github.com/telegramdesktop/tdesktop"
+language: c++
+primary_contact: "security@telegram.org"
+main_repo: "https://github.com/telegramdesktop/tdesktop"
+file_github_issue: true
+
+sanitizers:
+ - address
+ - undefined
+ - memory
+
+architectures:
+ - x86_64
+
+help_url: "https://github.com/telegramdesktop/tdesktop/tree/ossFuzz/fuzzing"
+
+view_restrictions: none
From a02ebdd3b83533ace64c70e4e0a5a5101f89ec05 Mon Sep 17 00:00:00 2001
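Review bot: Each harness is built from a single `${fuzzer}.cpp` with no tdesktop include path and nothing but `$LIB_FUZZING_ENGINE` on the link line (`$CXX $CXXFLAGS $LIB_FUZZING_ENGINE "${fuzzer}.o" -o "$OUT/${fuzzer}"`), so the fuzzers can only exercise code reimplemented inside the fuzzer files — the commit message itself states they have zero dependencies on the tdesktop codebase. A crash in a standalone reimplementation of MTProto parsing or AES-IGE does not necessarily correspond to a bug in tdesktop, and the tdesktop code that would benefit from sanitizer coverage is never compiled here, which leaves the `$SRC/tdesktop` checkout the Dockerfile makes unused; building the harnesses against the project's own MTProto and crypto units would make the reports actionable. Two smaller points: `cd $SRC/telegram_fuzzers` should be `cd "$SRC/telegram_fuzzers"`, and the hand-maintained FUZZERS array can drift from the `*.cpp` files the Dockerfile copies in, which `for src in *.cpp; do fuzzer="${src%.cpp}"` would avoid.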
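Review bot: `primary_contact: "security@telegram.org"` may not meet OSS-Fuzz's requirement that contact addresses be Google accounts (Gmail or a Google Workspace domain), since ClusterFuzz access and bug CCs are granted to that account — confirm it resolves to one, or add an `auto_ccs` entry that does. `view_restrictions: none` lifts the restriction the documented default (`security`) keeps on security-class reports until they are fixed or the disclosure window elapses, so crashes found by the encryption and key-handling fuzzers would be visible on filing; if that is not the intent, leave the key out rather than setting it to `none`.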
From: Vahagn
Date: Fri, 10 Oct 2025 19:00:58 +0400
Subject: [PATCH 2/2] Fix Telegram repo path
---
 projects/telegram/Dockerfile | 2 +- projects/telegram/project.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/projects/telegram/Dockerfile b/projects/telegram/Dockerfile
index fa0af279ef5f..f57fb0c55a47 100644
--- a/projects/telegram/Dockerfile
+++ b/projects/telegram/Dockerfile
@@ -15,7 +15,7 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 
 # Clone the repository with fuzzing branch
-RUN git clone --depth 1 --branch ossFuzz https://github.com/telegramdesktop/tdesktop $SRC/tdesktop
+RUN git clone --depth 1 https://github.com/telegramdesktop/tdesktop $SRC/tdesktop
 
 # Create fuzzer directory
 RUN mkdir -p $SRC/telegram_fuzzers
diff --git a/projects/telegram/project.yaml b/projects/telegram/project.yaml
index cd324f668374..8c19c5698e24 100644
--- a/projects/telegram/project.yaml
+++ b/projects/telegram/project.yaml
@@ -12,6 +12,6 @@ sanitizers:
 architectures:
  - x86_64
 
-help_url: "https://github.com/telegramdesktop/tdesktop/tree/ossFuzz/fuzzing"
+help_url: "https://github.com/telegramdesktop/tdesktop/"
 
 view_restrictions: none
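Review bot: The context comment `# Clone the repository with fuzzing branch` directly above the changed RUN line is now wrong, because removing `--branch ossFuzz` makes the clone fetch the repository's default branch; change it to `# Clone the upstream repository (default branch, shallow)`. With the branch gone the checkout presumably no longer carries the `fuzzing/` tree the first patch's commit message points to, so anything that expected the harness sources under `$SRC/tdesktop` would not find them; as far as build.sh shows, nothing does, which leaves the clone as unused build time in the image.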