Add FIDO U2F message and packet classes

device/u2f/u2f_message_fuzzer.cc

Index: device/u2f/u2f_message_fuzzer.cc
diff --git a/device/u2f/u2f_message_fuzzer.cc b/device/u2f/u2f_message_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..ee519d4a67145b651d67ac2c317fd1ef7fd37f94
--- /dev/null
+++ b/device/u2f/u2f_message_fuzzer.cc
@@ -0,0 +1,30 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+#include "u2f_message.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  size_t packet_size = 65;
+  size_t remaining_buffer = size;
+  uint8_t* start = const_cast<uint8_t*>(data);
+
+  scoped_refptr<net::IOBufferWithSize> buf(
+      new net::IOBufferWithSize(packet_size));
+  memcpy(buf->data(), start, std::min(packet_size, remaining_buffer));
+  scoped_refptr<device::U2fMessage> msg =
+      device::U2fMessage::CreateFromSerializedData(buf);
+
+  remaining_buffer -= std::min(remaining_buffer, packet_size);
+
+  while (remaining_buffer > packet_size) {

[Reilly Grant (use Gerrit), 2016/12/10 01:52:02]

This means we never test a short packet.

[Casey Piper, 2016/12/12 18:01:42]

Updated to use a small packet at the end of the buffer if given.

+    start += packet_size;
+    memcpy(buf->data(), start, packet_size);

[Reilly Grant (use Gerrit), 2016/12/10 01:52:02]

Allocate a new buffer each time so that ASAN can catch access to bytes beyond
the end of packet (if the last one is shorter than 65 bytes).

[Casey Piper, 2016/12/12 18:01:42]

Done.

+    msg->AddContinuationPacket(buf);
+    remaining_buffer -= std::min(remaining_buffer, packet_size);
+  }
+
+  return 0;
+}