TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f049304895451ca66c5990fba5c3a217a6bb77d8 / . / tests / fuzz / fuzz_server.c
blob: f8882dd85b4dad6f3a7c07235548ec689d202014 [file] [log] [blame]
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]1#include "mbedtls/ssl.h"
2#include "mbedtls/entropy.h"
3#include "mbedtls/ctr_drbg.h"
4#include "mbedtls/certs.h"
5#include "mbedtls/ssl_ticket.h"
6#include <string.h>
7#include <stdlib.h>
8#include <stdbool.h>
9#include <stdint.h>
10
11
12const char *pers = "fuzz_server";
13static bool initialized = 0;
14#if defined(MBEDTLS_X509_CRT_PARSE_C)
15static mbedtls_x509_crt srvcert;
16static mbedtls_pk_context pkey;
17#endif
18const char *alpn_list[3];
19
20#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
21const unsigned char psk[] = {
22 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
23 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
24};
25const char psk_id[] = "Client_identity";
26#endif
27
28
29typedef struct fuzzBufferOffset
30{
31 const uint8_t *Data;
32 size_t Size;
33 size_t Offset;
34} fuzzBufferOffset_t;
35
36
37static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
38{
39 //silence warning about unused parameter
40 (void) ctx;
41 (void) buf;
42
43 //pretends we wrote everything ok
44 return( len );
45}
46
47static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
48{
49 //reads from the buffer from fuzzer
50 fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
51
52 if (biomemfuzz->Offset == biomemfuzz->Size) {
53 //EOF
54 return (0);
55 }
56 if (len + biomemfuzz->Offset > biomemfuzz->Size) {
57 //do not overflow
58 len = biomemfuzz->Size - biomemfuzz->Offset;
59 }
60 memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
61 biomemfuzz->Offset += len;
62 return( len );
63}
64
65static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
66{
67 int ret;
68 size_t i;
69
70 //use mbedtls_ctr_drbg_random to find bugs in it
71 ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
72 for (i=0; i<output_len; i++) {
73 //replace result with pseudo random
74 output[i] = (unsigned char) random();
75 }
76 return( ret );
77}
78
79static int dummy_entropy( void *data, unsigned char *output, size_t len )
80{
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]81 size_t i;
Philippe Antoinef0493042019-06-04 12:01:51 +0200[diff] [blame^]82 (void) data;
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]83
84 //use mbedtls_entropy_func to find bugs in it
Philippe Antoine9c7b6982018-05-29 17:00:39 +0200[diff] [blame]85 //test performance impact of entropy
86 //ret = mbedtls_entropy_func(data, output, len);
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]87 for (i=0; i<len; i++) {
88 //replace result with pseudo random
89 output[i] = (unsigned char) random();
90 }
Philippe Antoine9c7b6982018-05-29 17:00:39 +0200[diff] [blame]91 return( 0 );
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]92}
93
94
95int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
96 int ret;
97 size_t len;
98 mbedtls_ssl_context ssl;
99 mbedtls_ssl_config conf;
100 mbedtls_ctr_drbg_context ctr_drbg;
101 mbedtls_entropy_context entropy;
102#if defined(MBEDTLS_SSL_SESSION_TICKETS)
103 mbedtls_ssl_ticket_context ticket_ctx;
104#endif
105 unsigned char buf[4096];
106 fuzzBufferOffset_t biomemfuzz;
107 uint8_t options;
108
109 //we take 1 byte as options input
110 if (Size < 1) {
111 return 0;
112 }
113 options = Data[Size - 1];
114
115 if (initialized == 0) {
116#if defined(MBEDTLS_X509_CRT_PARSE_C)
117 mbedtls_x509_crt_init( &srvcert );
118 mbedtls_pk_init( &pkey );
119 if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
120 mbedtls_test_srv_crt_len ) != 0)
121 return 1;
122 if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
123 mbedtls_test_cas_pem_len ) != 0)
124 return 1;
125 if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
126 mbedtls_test_srv_key_len, NULL, 0 ) != 0)
127 return 1;
128#endif
129
130 alpn_list[0] = "HTTP";
131 alpn_list[1] = "fuzzalpn";
132 alpn_list[2] = NULL;
133
134 initialized = 1;
135 }
136 mbedtls_ssl_init( &ssl );
137 mbedtls_ssl_config_init( &conf );
138 mbedtls_ctr_drbg_init( &ctr_drbg );
139 mbedtls_entropy_init( &entropy );
140#if defined(MBEDTLS_SSL_SESSION_TICKETS)
141 mbedtls_ssl_ticket_init( &ticket_ctx );
142#endif
143
144 if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
145 (const unsigned char *) pers, strlen( pers ) ) != 0 )
146 goto exit;
147
148
149 if( mbedtls_ssl_config_defaults( &conf,
150 MBEDTLS_SSL_IS_SERVER,
151 MBEDTLS_SSL_TRANSPORT_STREAM,
152 MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
153 goto exit;
154
155 srandom(1);
156 mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
157
158#if defined(MBEDTLS_X509_CRT_PARSE_C)
159 mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
160 if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
161 goto exit;
162#endif
163
164 mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
165#if defined(MBEDTLS_SSL_ALPN)
166 if (options & 0x2) {
167 mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
168 }
169#endif
170#if defined(MBEDTLS_SSL_SESSION_TICKETS)
171 if( options & 0x4 )
172 {
173 if( mbedtls_ssl_ticket_setup( &ticket_ctx,
174 dummy_random, &ctr_drbg,
175 MBEDTLS_CIPHER_AES_256_GCM,
176 86400 ) != 0 )
177 goto exit;
178
179 mbedtls_ssl_conf_session_tickets_cb( &conf,
180 mbedtls_ssl_ticket_write,
181 mbedtls_ssl_ticket_parse,
182 &ticket_ctx );
183 }
184#endif
185#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
186 mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
187#endif
188#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
189 mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
190#endif
191#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
192 mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
193#endif
194#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
195 if (options & 0x40) {
196 mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
197 (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
198 }
199#endif
200#if defined(MBEDTLS_SSL_RENEGOTIATION)
201 mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
202#endif
203
204 if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
205 goto exit;
206
207 biomemfuzz.Data = Data;
208 biomemfuzz.Size = Size-1;
209 biomemfuzz.Offset = 0;
210 mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
211
212 mbedtls_ssl_session_reset( &ssl );
213 ret = mbedtls_ssl_handshake( &ssl );
214 if( ret == 0 )
215 {
216 //keep reading data from server until the end
217 do
218 {
219 len = sizeof( buf ) - 1;
220 ret = mbedtls_ssl_read( &ssl, buf, len );
221
222 if( ret == MBEDTLS_ERR_SSL_WANT_READ )
223 continue;
224 else if( ret <= 0 )
225 //EOF or error
226 break;
227 }
228 while( 1 );
229 }
230
231exit:
232#if defined(MBEDTLS_SSL_SESSION_TICKETS)
233 mbedtls_ssl_ticket_free( &ticket_ctx );
234#endif
235 mbedtls_entropy_free( &entropy );
236 mbedtls_ctr_drbg_free( &ctr_drbg );
237 mbedtls_ssl_config_free( &conf );
238 mbedtls_ssl_free( &ssl );
239
240 return 0;
241}