/src/botan/src/fuzzer/tls_client.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * (C) 2015,2016 Jack Lloyd |
3 | | * |
4 | | * Botan is released under the Simplified BSD License (see license.txt) |
5 | | */ |
6 | | |
7 | | #include "fuzzers.h" |
8 | | #include <botan/tls_client.h> |
9 | | |
10 | | class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager |
11 | | { |
12 | | public: |
13 | 0 | std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; } |
14 | 648 | std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; } |
15 | | Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override |
16 | 648 | { |
17 | 648 | return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899"); |
18 | 648 | } |
19 | | }; |
20 | | |
21 | | class Fuzzer_TLS_Policy : public Botan::TLS::Policy |
22 | | { |
23 | | public: |
24 | | std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version, |
25 | | bool have_srp) const |
26 | 30.4k | { |
27 | 30.4k | std::vector<uint16_t> ciphersuites; |
28 | 30.4k | |
29 | 30.4k | for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) |
30 | 5.57M | { |
31 | 5.57M | if(suite.valid() == false) |
32 | 0 | continue; |
33 | 5.57M | |
34 | 5.57M | // Are we doing SRP? |
35 | 5.57M | if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA) |
36 | 274k | continue; |
37 | 5.30M | |
38 | 5.30M | if(!version.supports_aead_modes()) |
39 | 0 | { |
40 | 0 | // Are we doing AEAD in a non-AEAD version? |
41 | 0 | if(suite.mac_algo() == "AEAD") |
42 | 0 | continue; |
43 | 0 | |
44 | 0 | // Older (v1.0/v1.1) versions also do not support any hash but SHA-1 |
45 | 0 | if(suite.mac_algo() != "SHA-1") |
46 | 0 | continue; |
47 | 5.30M | } |
48 | 5.30M | |
49 | 5.30M | ciphersuites.push_back(suite.ciphersuite_code()); |
50 | 5.30M | } |
51 | 30.4k | |
52 | 30.4k | return ciphersuites; |
53 | 30.4k | } |
54 | | }; |
55 | | |
56 | | class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks |
57 | | { |
58 | | public: |
59 | | void tls_emit_data(const uint8_t[], size_t) override |
60 | 13.2k | { |
61 | 13.2k | // discard |
62 | 13.2k | } |
63 | | |
64 | | void tls_record_received(uint64_t, const uint8_t[], size_t) override |
65 | 0 | { |
66 | 0 | // ignore peer data |
67 | 0 | } |
68 | | |
69 | | void tls_alert(Botan::TLS::Alert) override |
70 | 10.7k | { |
71 | 10.7k | // ignore alert |
72 | 10.7k | } |
73 | | |
74 | | bool tls_session_established(const Botan::TLS::Session&) override |
75 | 100 | { |
76 | 100 | return true; // cache it |
77 | 100 | } |
78 | | |
79 | | void tls_verify_cert_chain( |
80 | | const std::vector<Botan::X509_Certificate>& cert_chain, |
81 | | const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses, |
82 | | const std::vector<Botan::Certificate_Store*>& trusted_roots, |
83 | | Botan::Usage_Type usage, |
84 | | const std::string& hostname, |
85 | | const Botan::TLS::Policy& policy) override |
86 | 687 | { |
87 | 687 | try |
88 | 687 | { |
89 | 687 | // try to validate to exercise those code paths |
90 | 687 | Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, |
91 | 687 | trusted_roots, usage, hostname, policy); |
92 | 687 | } |
93 | 687 | catch(...) |
94 | 687 | { |
95 | 687 | // ignore validation result |
96 | 687 | } |
97 | 687 | } |
98 | | |
99 | | }; |
100 | | |
101 | | void fuzz(const uint8_t in[], size_t len) |
102 | 5.71k | { |
103 | 5.71k | if(len == 0) |
104 | 0 | return; |
105 | 5.71k | |
106 | 5.71k | Botan::TLS::Session_Manager_Noop session_manager; |
107 | 5.71k | Fuzzer_TLS_Policy policy; |
108 | 5.71k | Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12; |
109 | 5.71k | Botan::TLS::Server_Information info("server.name", 443); |
110 | 5.71k | Fuzzer_TLS_Client_Callbacks callbacks; |
111 | 5.71k | Fuzzer_TLS_Client_Creds creds; |
112 | 5.71k | |
113 | 5.71k | Botan::TLS::Client client(callbacks, |
114 | 5.71k | session_manager, |
115 | 5.71k | creds, |
116 | 5.71k | policy, |
117 | 5.71k | fuzzer_rng(), |
118 | 5.71k | info, |
119 | 5.71k | client_offer); |
120 | 5.71k | |
121 | 5.71k | try |
122 | 5.71k | { |
123 | 5.71k | client.received_data(in, len); |
124 | 5.71k | } |
125 | 5.71k | catch(std::exception& e) |
126 | 5.71k | { |
127 | 4.81k | } |
128 | 5.71k | |
129 | 5.71k | } |
130 | | |