TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 08633825c0c4924aff342d5ce07373cfbc8f7426 / . / tests / fuzz / fuzz_dtlsclient.c
blob: 4215313f14c6802f48c9e7c6ff1f2098bb8d56f1 [file] [log] [blame]
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]1#include <string.h>
2#include <stdlib.h>
3#include <stdbool.h>
4#include <stdint.h>
Philippe Antoine08633822019-06-04 14:03:06 +0200[diff] [blame^]5#include "common.h"
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]6#include "mbedtls/ssl.h"
7#if defined(MBEDTLS_SSL_PROTO_DTLS)
8#include "mbedtls/entropy.h"
9#include "mbedtls/ctr_drbg.h"
10#include "mbedtls/certs.h"
11#include "mbedtls/timing.h"
12
13
14static bool initialized = 0;
15#if defined(MBEDTLS_X509_CRT_PARSE_C)
16static mbedtls_x509_crt cacert;
17#endif
18
19
20const char *pers = "fuzz_dtlsclient";
21
22
23typedef struct fuzzBufferOffset
24{
25 const uint8_t *Data;
26 size_t Size;
27 size_t Offset;
28} fuzzBufferOffset_t;
29
30static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
31{
32 //silence warning about unused parameter
33 (void) ctx;
34 (void) buf;
35
36 //pretends we wrote everything ok
37 return( len );
38}
39
40static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
41{
42 //reads from the buffer from fuzzer
43 fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
44
45 if (biomemfuzz->Offset == biomemfuzz->Size) {
46 //EOF
47 return (0);
48 }
49 if (len + biomemfuzz->Offset > biomemfuzz->Size) {
50 //do not overflow
51 len = biomemfuzz->Size - biomemfuzz->Offset;
52 }
53 memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
54 biomemfuzz->Offset += len;
55 return( len );
56}
57
58static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
59 uint32_t timeout )
60{
61 (void) timeout;
62
63 return fuzz_recv(ctx, buf, len);
64}
65
66static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
67{
68 int ret;
69 size_t i;
70
71 //use mbedtls_ctr_drbg_random to find bugs in it
72 ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
73 for (i=0; i<output_len; i++) {
74 //replace result with pseudo random
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]75 output[i] = (unsigned char) rand();
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]76 }
77 return( ret );
78}
79
80static int dummy_entropy( void *data, unsigned char *output, size_t len )
81{
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]82 size_t i;
Philippe Antoinef0493042019-06-04 12:01:51 +0200[diff] [blame]83 (void) data;
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]84
85 //use mbedtls_entropy_func to find bugs in it
Philippe Antoine9c7b6982018-05-29 17:00:39 +0200[diff] [blame]86 //test performance impact of entropy
87 //ret = mbedtls_entropy_func(data, output, len);
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]88 for (i=0; i<len; i++) {
89 //replace result with pseudo random
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]90 output[i] = (unsigned char) rand();
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]91 }
Philippe Antoine9c7b6982018-05-29 17:00:39 +0200[diff] [blame]92 return( 0 );
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]93}
94#endif
95
96
97
98int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
99#if defined(MBEDTLS_SSL_PROTO_DTLS)
100 int ret;
101 size_t len;
102 mbedtls_ssl_context ssl;
103 mbedtls_ssl_config conf;
104 mbedtls_ctr_drbg_context ctr_drbg;
105 mbedtls_entropy_context entropy;
106 mbedtls_timing_delay_context timer;
107 unsigned char buf[4096];
108 fuzzBufferOffset_t biomemfuzz;
109
110 if (initialized == 0) {
111#if defined(MBEDTLS_X509_CRT_PARSE_C)
112 mbedtls_x509_crt_init( &cacert );
113 if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
114 mbedtls_test_cas_pem_len ) != 0)
115 return 1;
116#endif
Philippe Antoine08633822019-06-04 14:03:06 +0200[diff] [blame^]117 dummy_init();
118
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]119 initialized = 1;
120 }
121
122 mbedtls_ssl_init( &ssl );
123 mbedtls_ssl_config_init( &conf );
124 mbedtls_ctr_drbg_init( &ctr_drbg );
125 mbedtls_entropy_init( &entropy );
126
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]127 srand(1);
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]128 if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
129 (const unsigned char *) pers, strlen( pers ) ) != 0 )
130 goto exit;
131
132 if( mbedtls_ssl_config_defaults( &conf,
133 MBEDTLS_SSL_IS_CLIENT,
134 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
135 MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
136 goto exit;
137
138#if defined(MBEDTLS_X509_CRT_PARSE_C)
139 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
140#endif
141 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
142 mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
143
144 if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
145 goto exit;
146
147 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
148 mbedtls_timing_get_delay );
149
150#if defined(MBEDTLS_X509_CRT_PARSE_C)
151 if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
152 goto exit;
153#endif
154
155 biomemfuzz.Data = Data;
156 biomemfuzz.Size = Size;
157 biomemfuzz.Offset = 0;
158 mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
159
160 ret = mbedtls_ssl_handshake( &ssl );
161 if( ret == 0 )
162 {
163 //keep reading data from server until the end
164 do
165 {
166 len = sizeof( buf ) - 1;
167 ret = mbedtls_ssl_read( &ssl, buf, len );
168
169 if( ret == MBEDTLS_ERR_SSL_WANT_READ )
170 continue;
171 else if( ret <= 0 )
172 //EOF or error
173 break;
174 }
175 while( 1 );
176 }
177
178exit:
179 mbedtls_entropy_free( &entropy );
180 mbedtls_ctr_drbg_free( &ctr_drbg );
181 mbedtls_ssl_config_free( &conf );
182 mbedtls_ssl_free( &ssl );
183
184#else
185 (void) Data;
186 (void) Size;
187#endif
188 return 0;
189}