Coverage Report

Created: 2021-02-21 07:20

/src/botan/src/fuzzer/tls_client.cpp
/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include "fuzzers.h"
#include <botan/tls_client.h>
/**
* Credentials manager for the TLS client fuzz harness.
*
* Every PSK query is answered with a fixed constant and all arguments are
* ignored. The key is a public test value embedded in the source, so it
* provides no secrecy; it is only suitable for a harness like this one.
*
* Coverage in this report: psk_identity() and psk() were each reached about
* 1.22k times, psk_identity_hint() was never reached.
*/
class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager
   {
   public:
      /// Always returns the same identity hint.
      std::string psk_identity_hint(const std::string&, const std::string&) override
         {
         return "psk_hint";
         }

      /// Always returns the same PSK identity.
      std::string psk_identity(const std::string&, const std::string&, const std::string&) override
         {
         return "psk_id";
         }

      /// Always returns the same key, built from a hard-coded hex string.
      Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override
         {
         const std::string fixed_key_hex = "AABBCCDDEEFF00112233445566778899";
         return Botan::SymmetricKey(fixed_key_hex);
         }
   };
/**
* TLS policy for the fuzz harness: offer every ciphersuite the library knows
* that is usable with the given protocol version, instead of a curated list.
* Offering everything lets the fuzzer reach as many handshake paths as
* possible; it is not a selection to copy into a real deployment.
*/
class Fuzzer_TLS_Policy : public Botan::TLS::Policy
   {
   public:
      /**
      * Build the list of ciphersuite codes to offer.
      *
      * @param version protocol version the list is built for
      * @return codes of all valid known suites; for versions without AEAD
      *         support only suites whose MAC is SHA-1 are kept
      *
      * Coverage in this report: the branch for versions without AEAD
      * support and the invalid-suite skip both show zero hits (the harness
      * on this page only offers TLS 1.2).
      */
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version) const override
         {
         std::vector<uint16_t> offered;

         for(const auto& candidate : Botan::TLS::Ciphersuite::all_known_ciphersuites())
            {
            if(!candidate.valid())
               continue;

            const bool version_lacks_aead = !version.supports_aead_modes();

            if(version_lacks_aead)
               {
               const auto mac = candidate.mac_algo();

               // An AEAD suite cannot be used with a version that has no AEAD modes
               const bool is_aead_suite = (mac == "AEAD");

               // Older (v1.0/v1.1) versions also do not support any hash but SHA-1
               const bool is_sha1_suite = (mac == "SHA-1");

               if(is_aead_suite || !is_sha1_suite)
                  continue;
               }

            offered.push_back(candidate.ciphersuite_code());
            }

         return offered;
         }
   };
/**
* Callbacks for the TLS client fuzz harness.
*
* Output, peer data and alerts are dropped. Certificate chain validation is
* run but its outcome is thrown away, so the handshake continues whatever the
* peer presents. That is deliberate here: it keeps the parser and handshake
* code reachable. It also means this class performs no peer authentication
* and must not serve as a template for application callbacks.
*/
class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks
   {
   public:
      /// Bytes the client wants to send are discarded; nothing is transmitted.
      void tls_emit_data(const uint8_t[], size_t) override
         {
         }

      /// Application data from the peer is ignored.
      /// Coverage in this report: zero hits.
      void tls_record_received(uint64_t, const uint8_t[], size_t) override
         {
         }

      /// Alerts are ignored.
      void tls_alert(Botan::TLS::Alert) override
         {
         }

      /// Returning true asks for the session to be cached.
      bool tls_session_established(const Botan::TLS::Session&) override
         {
         const bool cache_session = true;
         return cache_session;
         }

      /**
      * Run the default chain validation for its side effect of exercising
      * that code, then ignore whether it succeeded.
      *
      * catch(...) swallows every exception type, so a validation failure
      * never aborts the handshake. In this report the handler was entered
      * on all 575 calls.
      */
      void tls_verify_cert_chain(
         const std::vector<Botan::X509_Certificate>& cert_chain,
         const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
         const std::vector<Botan::Certificate_Store*>& trusted_roots,
         Botan::Usage_Type usage,
         const std::string& hostname,
         const Botan::TLS::Policy& policy) override
         {
         try
            {
            Botan::TLS::Callbacks::tls_verify_cert_chain(
               cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
            }
         catch(...)
            {
            // validation result intentionally dropped (fuzzing only)
            }
         }
   };
/**
* Fuzz entry point: feed the input to a fresh TLS 1.2 client as if it were
* the bytes received from the server.
*
* @param in  fuzzer-supplied bytes, treated as untrusted network input
* @param len number of bytes in @p in; empty inputs are skipped
*
* Errors reported as std::exception are treated as an expected outcome and
* dropped. Nothing else is caught here, so any other failure leaves this
* function. In this report 5.01k of 6.31k executions ended in the handler
* and the empty-input return shows zero hits.
*/
void fuzz(const uint8_t in[], size_t len)
   {
   if(len == 0)
      return;

   // No session storage, fixed server name and port, fixed offered version
   Botan::TLS::Session_Manager_Noop no_sessions;
   Fuzzer_TLS_Policy fuzz_policy;
   Botan::TLS::Protocol_Version offered_version = Botan::TLS::Protocol_Version::TLS_V12;
   Botan::TLS::Server_Information server_info("server.name", 443);
   Fuzzer_TLS_Client_Callbacks fuzz_callbacks;
   Fuzzer_TLS_Client_Creds fuzz_creds;

   // fuzzer_rng() is declared outside this file (presumably in fuzzers.h)
   Botan::TLS::Client client(fuzz_callbacks, no_sessions, fuzz_creds, fuzz_policy,
                             fuzzer_rng(), server_info, offered_version);

   try
      {
      client.received_data(in, len);
      }
   catch(const std::exception&)
      {
      // rejected input: expected, not a finding
      }
   }