TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 03e87d909dd7050f8d36c676842f8430ff603424 / . / tests / fuzz / fuzz_server.c
blob: eef0002e3166f870f04905686297693bc3a33b31 [file] [log] [blame]
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]1#include "mbedtls/ssl.h"
2#include "mbedtls/entropy.h"
3#include "mbedtls/ctr_drbg.h"
4#include "mbedtls/certs.h"
5#include "mbedtls/ssl_ticket.h"
Philippe Antoine08633822019-06-04 14:03:06 +0200[diff] [blame]6#include "common.h"
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]7#include <string.h>
8#include <stdlib.h>
9#include <stdbool.h>
10#include <stdint.h>
11
12
13const char *pers = "fuzz_server";
14static bool initialized = 0;
15#if defined(MBEDTLS_X509_CRT_PARSE_C)
16static mbedtls_x509_crt srvcert;
17static mbedtls_pk_context pkey;
18#endif
19const char *alpn_list[3];
20
21#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
22const unsigned char psk[] = {
23 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
24 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
25};
26const char psk_id[] = "Client_identity";
27#endif
28
29
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]30int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
31 int ret;
32 size_t len;
33 mbedtls_ssl_context ssl;
34 mbedtls_ssl_config conf;
35 mbedtls_ctr_drbg_context ctr_drbg;
36 mbedtls_entropy_context entropy;
37#if defined(MBEDTLS_SSL_SESSION_TICKETS)
38 mbedtls_ssl_ticket_context ticket_ctx;
39#endif
40 unsigned char buf[4096];
41 fuzzBufferOffset_t biomemfuzz;
42 uint8_t options;
43
44 //we take 1 byte as options input
45 if (Size < 1) {
46 return 0;
47 }
48 options = Data[Size - 1];
49
50 if (initialized == 0) {
51#if defined(MBEDTLS_X509_CRT_PARSE_C)
52 mbedtls_x509_crt_init( &srvcert );
53 mbedtls_pk_init( &pkey );
54 if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
55 mbedtls_test_srv_crt_len ) != 0)
56 return 1;
57 if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
58 mbedtls_test_cas_pem_len ) != 0)
59 return 1;
60 if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
61 mbedtls_test_srv_key_len, NULL, 0 ) != 0)
62 return 1;
63#endif
64
65 alpn_list[0] = "HTTP";
66 alpn_list[1] = "fuzzalpn";
67 alpn_list[2] = NULL;
68
Philippe Antoine08633822019-06-04 14:03:06 +0200[diff] [blame]69 dummy_init();
70
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]71 initialized = 1;
72 }
73 mbedtls_ssl_init( &ssl );
74 mbedtls_ssl_config_init( &conf );
75 mbedtls_ctr_drbg_init( &ctr_drbg );
76 mbedtls_entropy_init( &entropy );
77#if defined(MBEDTLS_SSL_SESSION_TICKETS)
78 mbedtls_ssl_ticket_init( &ticket_ctx );
79#endif
80
81 if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
82 (const unsigned char *) pers, strlen( pers ) ) != 0 )
83 goto exit;
84
85
86 if( mbedtls_ssl_config_defaults( &conf,
87 MBEDTLS_SSL_IS_SERVER,
88 MBEDTLS_SSL_TRANSPORT_STREAM,
89 MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
90 goto exit;
91
Philippe Antoine2b7c9a22019-06-04 12:05:36 +0200[diff] [blame]92 srand(1);
Philippe Antoine72333522018-05-03 16:40:24 +0200[diff] [blame]93 mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
94
95#if defined(MBEDTLS_X509_CRT_PARSE_C)
96 mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
97 if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
98 goto exit;
99#endif
100
101 mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
102#if defined(MBEDTLS_SSL_ALPN)
103 if (options & 0x2) {
104 mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
105 }
106#endif
107#if defined(MBEDTLS_SSL_SESSION_TICKETS)
108 if( options & 0x4 )
109 {
110 if( mbedtls_ssl_ticket_setup( &ticket_ctx,
111 dummy_random, &ctr_drbg,
112 MBEDTLS_CIPHER_AES_256_GCM,
113 86400 ) != 0 )
114 goto exit;
115
116 mbedtls_ssl_conf_session_tickets_cb( &conf,
117 mbedtls_ssl_ticket_write,
118 mbedtls_ssl_ticket_parse,
119 &ticket_ctx );
120 }
121#endif
122#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
123 mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
124#endif
125#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
126 mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
127#endif
128#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
129 mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
130#endif
131#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
132 if (options & 0x40) {
133 mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
134 (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
135 }
136#endif
137#if defined(MBEDTLS_SSL_RENEGOTIATION)
138 mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
139#endif
140
141 if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
142 goto exit;
143
144 biomemfuzz.Data = Data;
145 biomemfuzz.Size = Size-1;
146 biomemfuzz.Offset = 0;
147 mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
148
149 mbedtls_ssl_session_reset( &ssl );
150 ret = mbedtls_ssl_handshake( &ssl );
151 if( ret == 0 )
152 {
153 //keep reading data from server until the end
154 do
155 {
156 len = sizeof( buf ) - 1;
157 ret = mbedtls_ssl_read( &ssl, buf, len );
158
159 if( ret == MBEDTLS_ERR_SSL_WANT_READ )
160 continue;
161 else if( ret <= 0 )
162 //EOF or error
163 break;
164 }
165 while( 1 );
166 }
167
168exit:
169#if defined(MBEDTLS_SSL_SESSION_TICKETS)
170 mbedtls_ssl_ticket_free( &ticket_ctx );
171#endif
172 mbedtls_entropy_free( &entropy );
173 mbedtls_ctr_drbg_free( &ctr_drbg );
174 mbedtls_ssl_config_free( &conf );
175 mbedtls_ssl_free( &ssl );
176
177 return 0;
178}