Coverage Report

Created: 2020-11-21 08:34

/src/botan/src/fuzzer/tls_client.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* (C) 2015,2016 Jack Lloyd
3
*
4
* Botan is released under the Simplified BSD License (see license.txt)
5
*/
6
7
#include "fuzzers.h"
8
#include <botan/tls_client.h>
9
10
class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager
11
   {
12
   public:
13
0
      std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }
14
590
      std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }
15
      Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override
16
590
         {
17
590
         return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899");
18
590
         }
19
   };
20
21
class Fuzzer_TLS_Policy : public Botan::TLS::Policy
22
   {
23
   public:
24
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version,
25
                                             bool have_srp) const override
26
31.9k
         {
27
31.9k
         std::vector<uint16_t> ciphersuites;
28
29
31.9k
         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites())
30
5.85M
            {
31
5.85M
            if(suite.valid() == false)
32
0
               continue;
33
34
            // Are we doing SRP?
35
5.85M
            if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA)
36
287k
               continue;
37
38
5.56M
            if(!version.supports_aead_modes())
39
0
               {
40
               // Are we doing AEAD in a non-AEAD version?
41
0
               if(suite.mac_algo() == "AEAD")
42
0
                  continue;
43
44
               // Older (v1.0/v1.1) versions also do not support any hash but SHA-1
45
0
               if(suite.mac_algo() != "SHA-1")
46
0
                  continue;
47
5.56M
               }
48
49
5.56M
            ciphersuites.push_back(suite.ciphersuite_code());
50
5.56M
            }
51
52
31.9k
         return ciphersuites;
53
31.9k
         }
54
   };
55
56
class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks
57
   {
58
   public:
59
       void tls_emit_data(const uint8_t[], size_t) override
60
14.3k
         {
61
         // discard
62
14.3k
         }
63
64
      void tls_record_received(uint64_t, const uint8_t[], size_t) override
65
0
         {
66
         // ignore peer data
67
0
         }
68
69
      void tls_alert(Botan::TLS::Alert) override
70
9.93k
         {
71
         // ignore alert
72
9.93k
         }
73
74
      bool tls_session_established(const Botan::TLS::Session&) override
75
88
         {
76
88
         return true; // cache it
77
88
         }
78
79
      void tls_verify_cert_chain(
80
         const std::vector<Botan::X509_Certificate>& cert_chain,
81
         const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
82
         const std::vector<Botan::Certificate_Store*>& trusted_roots,
83
         Botan::Usage_Type usage,
84
         const std::string& hostname,
85
         const Botan::TLS::Policy& policy) override
86
526
         {
87
526
         try
88
526
            {
89
            // try to validate to exercise those code paths
90
526
            Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses,
91
526
                                                         trusted_roots, usage, hostname, policy);
92
526
            }
93
526
         catch(...)
94
526
            {
95
            // ignore validation result
96
526
            }
97
526
         }
98
99
   };
100
101
void fuzz(const uint8_t in[], size_t len)
102
6.01k
   {
103
6.01k
   if(len == 0)
104
0
      return;
105
106
6.01k
   Botan::TLS::Session_Manager_Noop session_manager;
107
6.01k
   Fuzzer_TLS_Policy policy;
108
6.01k
   Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;
109
6.01k
   Botan::TLS::Server_Information info("server.name", 443);
110
6.01k
   Fuzzer_TLS_Client_Callbacks callbacks;
111
6.01k
   Fuzzer_TLS_Client_Creds creds;
112
113
6.01k
   Botan::TLS::Client client(callbacks,
114
6.01k
                             session_manager,
115
6.01k
                             creds,
116
6.01k
                             policy,
117
6.01k
                             fuzzer_rng(),
118
6.01k
                             info,
119
6.01k
                             client_offer);
120
121
6.01k
   try
122
6.01k
      {
123
6.01k
      client.received_data(in, len);
124
6.01k
      }
125
6.01k
   catch(std::exception& e)
126
4.80k
      {
127
4.80k
      }
128
129
6.01k
   }
130