Coverage Report

Created: 2020-08-01 06:18

/src/botan/src/fuzzer/tls_client.cpp
/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include "fuzzers.h"
#include <botan/tls_client.h>
/*
* Credentials manager for the TLS client fuzz harness.
*
* Every query is answered with a fixed value and all arguments are ignored,
* so the same input always drives the client the same way. The pre-shared key
* is a constant published in this file: it is a test fixture only and must
* never be used as a key outside the harness.
*
* Coverage (report created 2020-08-01): psk_identity_hint() was never called;
* psk_identity() and psk() were each entered 680 times.
*/
class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager
   {
   public:
      // Fixed identity hint (0 hits in the coverage report)
      std::string psk_identity_hint(const std::string&, const std::string&) override
         {
         return "psk_hint";
         }

      // Fixed PSK identity sent by the client
      std::string psk_identity(const std::string&, const std::string&, const std::string&) override
         {
         return "psk_id";
         }

      // Fixed 16-byte key, given as 32 hex characters
      Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override
         {
         const char* const fixed_key_hex = "AABBCCDDEEFF00112233445566778899";
         return Botan::SymmetricKey(fixed_key_hex);
         }
   };
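/*
* TLS policy for the fuzz harness.
*
* ciphersuite_list() returns every ciphersuite the library knows about,
* dropping only suites that are invalid, SRP suites when SRP is not in use,
* and suites the negotiated protocol version cannot carry. Presumably this is
* meant to keep as many handshake paths as possible reachable by the fuzzer;
* such a permissive list is not suitable for a real client.
*/
class Fuzzer_TLS_Policy : public Botan::TLS::Policy
   {
   public:
      /*
      * Build the list of ciphersuite codes to offer.
      *
      * @param version protocol version the suites must be usable with
      * @param have_srp true if SRP suites may be included
      * @return ciphersuite codes in the order all_known_ciphersuites() yields them
      *
      * Marked override so that a change to the base class signature becomes a
      * compile error. Without it the function would silently stop overriding
      * and the harness would fall back to the base policy's list.
      *
      * Coverage (report created 2020-08-01): entered 30.8k times, 5.37M suites
      * appended in total. The invalid-suite skip and the whole non-AEAD branch
      * have 0 hits; fuzz() in this file offers TLS 1.2 only, which would
      * explain the latter.
      */
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version,
                                             bool have_srp) const override
         {
         std::vector<uint16_t> ciphersuites;

         for(const auto& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites())
            {
            if(!suite.valid())
               continue;

            // Are we doing SRP?
            if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA)
               continue;

            if(!version.supports_aead_modes())
               {
               // Are we doing AEAD in a non-AEAD version?
               if(suite.mac_algo() == "AEAD")
                  continue;

               // Older (v1.0/v1.1) versions also do not support any hash but SHA-1
               if(suite.mac_algo() != "SHA-1")
                  continue;
               }

            ciphersuites.push_back(suite.ciphersuite_code());
            }

         return ciphersuites;
         }
   };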
/*
* Callback sink for the TLS client fuzz harness.
*
* Nothing the client produces is used: outbound records, decrypted peer data
* and alerts are all dropped. Certificate validation is run only to exercise
* the code; its verdict is thrown away, so this class accepts any certificate
* chain. That is deliberate for fuzzing and must not be copied into a real
* client.
*
* Coverage (report created 2020-08-01): tls_emit_data 14.3k calls, tls_alert
* 10.8k, tls_verify_cert_chain 581, tls_session_established 91, and
* tls_record_received 0 (never called in that run).
*/
class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks
   {
   public:
      // Outbound TLS records are discarded; there is no peer to send them to
      void tls_emit_data(const uint8_t[], size_t) override
         {
         }

      // Peer data is ignored
      void tls_record_received(uint64_t, const uint8_t[], size_t) override
         {
         }

      // Alerts are ignored
      void tls_alert(Botan::TLS::Alert) override
         {
         }

      // Always answers true, i.e. asks for the session to be cached
      bool tls_session_established(const Botan::TLS::Session&) override
         {
         const bool cache_session = true;
         return cache_session;
         }

      /*
      * Run the base class validation so that the certificate and OCSP code
      * paths are exercised, then swallow any exception it throws. The
      * handshake therefore continues whether or not the chain is valid.
      */
      void tls_verify_cert_chain(
         const std::vector<Botan::X509_Certificate>& cert_chain,
         const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
         const std::vector<Botan::Certificate_Store*>& trusted_roots,
         Botan::Usage_Type usage,
         const std::string& hostname,
         const Botan::TLS::Policy& policy) override
         {
         try
            {
            Botan::TLS::Callbacks::tls_verify_cert_chain(
               cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
            }
         catch(...)
            {
            // validation outcome is intentionally not acted on
            }
         }

   };
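/*
* Fuzz entry point: feed one input to a freshly constructed TLS 1.2 client as
* if it were bytes received from the server.
*
* @param in  fuzzer-supplied bytes, treated as untrusted network data
* @param len number of bytes in @p in; empty inputs are skipped
*
* The client is built from the harness fixtures in this file (fixed PSK
* credentials, permissive ciphersuite policy, callbacks that drop everything)
* plus a no-op session manager and fuzzer_rng(), which is not defined in this
* file (presumably it comes from fuzzers.h).
*
* Only std::exception is caught. Presumably that is how the library reports
* malformed input, so anything else (a crash, a sanitizer report, a non-std
* exception) escapes and is left for the fuzzing driver to record as a finding.
*
* Coverage (report created 2020-08-01): 5.94k calls, none with len == 0; the
* exception handler was reached 4.76k times.
*/
void fuzz(const uint8_t in[], size_t len)
   {
   if(len == 0)
      return;

   Botan::TLS::Session_Manager_Noop session_manager;
   Fuzzer_TLS_Policy policy;
   Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;
   Botan::TLS::Server_Information info("server.name", 443);
   Fuzzer_TLS_Client_Callbacks callbacks;
   Fuzzer_TLS_Client_Creds creds;

   Botan::TLS::Client client(callbacks,
                             session_manager,
                             creds,
                             policy,
                             fuzzer_rng(),
                             info,
                             client_offer);

   try
      {
      client.received_data(in, len);
      }
   catch(const std::exception&)
      {
      // rejected input is the expected outcome, not a finding
      }

   }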