TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 08633825c0c4924aff342d5ce07373cfbc8f7426 / . / tests / fuzz / fuzz_dtlsserver.c
blob: e534b0efffc7d3952317780abfaa83486da8d5b2 [file] [log] [blame]
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]1#include <string.h>
2#include <stdlib.h>
3#include <stdbool.h>
4#include <stdint.h>
Philippe Antoine08633822019-06-04 14:03:06 +0200[diff] [blame^]5#include "common.h"
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]6#include "mbedtls/ssl.h"
7#if defined(MBEDTLS_SSL_PROTO_DTLS)
8#include "mbedtls/entropy.h"
9#include "mbedtls/ctr_drbg.h"
10#include "mbedtls/certs.h"
11#include "mbedtls/timing.h"
12#include "mbedtls/ssl_cookie.h"
13
14
15const char *pers = "fuzz_dtlsserver";
16const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
17static bool initialized = 0;
18#if defined(MBEDTLS_X509_CRT_PARSE_C)
19static mbedtls_x509_crt srvcert;
20static mbedtls_pk_context pkey;
21#endif
22
23typedef struct fuzzBufferOffset
24{
25 const uint8_t *Data;
26 size_t Size;
27 size_t Offset;
28} fuzzBufferOffset_t;
29
30
31static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
32{
33 //silence warning about unused parameter
34 (void) ctx;
35 (void) buf;
36
37 //pretends we wrote everything ok
38 return( len );
39}
40
41static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
42{
43 //reads from the buffer from fuzzer
44 fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
45
46 if (biomemfuzz->Offset == biomemfuzz->Size) {
47 //EOF
48 return (0);
49 }
50 if (len + biomemfuzz->Offset > biomemfuzz->Size) {
51 //do not overflow
52 len = biomemfuzz->Size - biomemfuzz->Offset;
53 }
54 memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
55 biomemfuzz->Offset += len;
56 return( len );
57}
58
59static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
60 uint32_t timeout )
61{
62 (void) timeout;
63
64 return fuzz_recv(ctx, buf, len);
65}
66
67static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
68{
69 int ret;
70 size_t i;
71
72 //use mbedtls_ctr_drbg_random to find bugs in it
73 ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
74 for (i=0; i<output_len; i++) {
75 //replace result with pseudo random
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]76 output[i] = (unsigned char) rand();
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]77 }
78 return( ret );
79}
80
81static int dummy_entropy( void *data, unsigned char *output, size_t len )
82{
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]83 size_t i;
Philippe Antoinef0493042019-06-04 12:01:51 +0200[diff] [blame]84 (void) data;
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]85
86 //use mbedtls_entropy_func to find bugs in it
Philippe Antoine9c7b6982018-05-29 17:00:39 +0200[diff] [blame]87 //test performance impact of entropy
88 //ret = mbedtls_entropy_func(data, output, len);
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]89 for (i=0; i<len; i++) {
90 //replace result with pseudo random
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]91 output[i] = (unsigned char) rand();
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]92 }
Philippe Antoine9c7b6982018-05-29 17:00:39 +0200[diff] [blame]93 return( 0 );
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]94}
95#endif
96
97int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
98#if defined(MBEDTLS_SSL_PROTO_DTLS)
99 int ret;
100 size_t len;
101 mbedtls_ssl_context ssl;
102 mbedtls_ssl_config conf;
103 mbedtls_ctr_drbg_context ctr_drbg;
104 mbedtls_entropy_context entropy;
105 mbedtls_timing_delay_context timer;
106 mbedtls_ssl_cookie_ctx cookie_ctx;
107 unsigned char buf[4096];
108 fuzzBufferOffset_t biomemfuzz;
109
110 if (initialized == 0) {
111#if defined(MBEDTLS_X509_CRT_PARSE_C)
112 mbedtls_x509_crt_init( &srvcert );
113 mbedtls_pk_init( &pkey );
114 if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
115 mbedtls_test_srv_crt_len ) != 0)
116 return 1;
117 if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
118 mbedtls_test_cas_pem_len ) != 0)
119 return 1;
120 if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
121 mbedtls_test_srv_key_len, NULL, 0 ) != 0)
122 return 1;
123#endif
Philippe Antoine08633822019-06-04 14:03:06 +0200[diff] [blame^]124 dummy_init();
125
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]126 initialized = 1;
127 }
128 mbedtls_ssl_init( &ssl );
129 mbedtls_ssl_config_init( &conf );
130 mbedtls_ctr_drbg_init( &ctr_drbg );
131 mbedtls_entropy_init( &entropy );
132 mbedtls_ssl_cookie_init( &cookie_ctx );
133
134 if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
135 (const unsigned char *) pers, strlen( pers ) ) != 0 )
136 goto exit;
137
138
139 if( mbedtls_ssl_config_defaults( &conf,
140 MBEDTLS_SSL_IS_SERVER,
141 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
142 MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
143 goto exit;
144
145
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]146 srand(1);
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]147 mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
148
149#if defined(MBEDTLS_X509_CRT_PARSE_C)
150 mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
151 if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
152 goto exit;
153#endif
154
155 if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
156 goto exit;
157
158 mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
159
160 if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
161 goto exit;
162
163 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
164 mbedtls_timing_get_delay );
165
166 biomemfuzz.Data = Data;
167 biomemfuzz.Size = Size;
168 biomemfuzz.Offset = 0;
169 mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
170 if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
171 goto exit;
172
173 ret = mbedtls_ssl_handshake( &ssl );
174
175 if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
176 biomemfuzz.Offset = ssl.next_record_offset;
177 mbedtls_ssl_session_reset( &ssl );
178 mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
179 if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
180 goto exit;
181
182 ret = mbedtls_ssl_handshake( &ssl );
183
184 if( ret == 0 )
185 {
186 //keep reading data from server until the end
187 do
188 {
189 len = sizeof( buf ) - 1;
190 ret = mbedtls_ssl_read( &ssl, buf, len );
191 if( ret == MBEDTLS_ERR_SSL_WANT_READ )
192 continue;
193 else if( ret <= 0 )
194 //EOF or error
195 break;
196 }
197 while( 1 );
198 }
199 }
200
201exit:
202 mbedtls_ssl_cookie_free( &cookie_ctx );
203 mbedtls_entropy_free( &entropy );
204 mbedtls_ctr_drbg_free( &ctr_drbg );
205 mbedtls_ssl_config_free( &conf );
206 mbedtls_ssl_free( &ssl );
207
208#else
209 (void) Data;
210 (void) Size;
211#endif
212 return 0;
213}