/src/botan/src/fuzzer/tls_server.cpp

Source (jump to first uncovered line)
/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "fuzzers.h"
#include <botan/tls_server.h>
#include <botan/data_src.h>

const char* fixed_rsa_key =
   "-----BEGIN PRIVATE KEY-----\n"
   "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCe6qqpMQVJ7zCJ\n"
   "oSnpxia0yO6M7Ie3FGqPcd0DzueC+kWPvuHQ+PpP5vfO6qqRaDVII37PFX5NUZQm\n"
   "GK/rAm7spjIHTCMgqSZ8pN13LU8m1gDwIdu9al16LXN9zZjB67uLlFn2trtLi234\n"
   "i0cnyeF8IC0cz7tgCOzMSVEBcqJjkdgGrZ3WUgOXecVm2lXVrYlEiaSxFp4VOE9k\n"
   "RFeVrELCjmNtc4hRd1yJsF+vObCtvyqGYQE1Qcb0MVSQDBHMkiUVmO6zuW7td5ef\n"
   "O/1OyntQJGyVa+SnWbkSLCybta2J7MreHENrF5GA0K1KL140SNRHeWifRMuNQua7\n"
   "qmKXMBTFAgMBAAECggEAIk3fxyQI0zvpy1vZ01ft1QqmzA7nAPNMSWi33/GS8iga\n"
   "SfxXfKeySPs/tQ/dAARxs//NiOBH4mLgyxR7LQzaawU5OXALCSraXv+ruuUx990s\n"
   "WKnGaG4EfbJAAwEVn47Gbkv425P4fEc91vAhzQn8PbIoatbAyOtESpjs/pYDTeC/\n"
   "mnJId8gqO90cqyRECEMjk9sQ8iEjWPlik4ayGlUVbeeMu6/pJ9F8IZEgkLZiNDAB\n"
   "4anmOFaT7EmqUjI4IlcaqfbbXyDXlvWUYukidEss+CNvPuqbQHBDnpFVvBxdDR2N\n"
   "Uj2D5Xd5blcIe2/+1IVRnznjoQ5zvutzb7ThBmMehQKBgQDOITKG0ht2kXLxjVoR\n"
   "r/pVpx+f3hs3H7wE0+vrLHoQgkVjpMWXQ47YuZTT9rCOOYNI2cMoH2D27t1j78/B\n"
   "9kGYABUVpvQQ+6amqJDI1eYI6e68TPueEDjeALfSCdmPNiI3lZZrCIK9XLpkoy8K\n"
   "tGYBRRJ+JJxjj1zPXj9SGshPgwKBgQDFXUtoxY3mCStH3+0b1qxGG9r1L5goHEmd\n"
   "Am8WBYDheNpL0VqPNzouhuM/ZWMGyyAs/py6aLATe+qhR1uX5vn7LVZwjCSONZ4j\n"
   "7ieEEUh1BHetPI1oI5PxgokRYfVuckotqVseanI/536Er3Yf2FXNQ1/ceVp9WykX\n"
   "3mYTKMhQFwKBgQDKakcXpZNaZ5IcKdZcsBZ/rdGcR5sqEnursf9lvRNQytwg8Vkn\n"
   "JSxNHlBLpV/TCh8lltHRwJ6TXhUBYij+KzhWbx5FWOErHDOWTMmArqtp7W6GcoJT\n"
   "wVJWjxXzp8CApYQMWVSQXpckJL7UvHohZO0WKiHyxTjde5aD++TqV2qEyQKBgBbD\n"
   "jvoTpy08K4DLxCZs2Uvw1I1pIuylbpwsdrGciuP2s38BM6fHH+/T4Qwj3osfDKQD\n"
   "7gHWJ1Dn/wUBHQBlRLoC3bB3iZPZfVb5lhc2gxv0GvWhQVIcoGi/vJ2DpfJKPmIL\n"
   "4ZWdg3X5dm9JaZ98rVDSj5D3ckd5J0E4hp95GbmbAoGBAJJHM4O9lx60tIjw9Sf/\n"
   "QmKWyUk0NLnt8DcgRMW7fVxtzPNDy9DBKGIkDdWZ2s+ForICA3C9WSxBC1EOEHGG\n"
   "xkg2xKt66CeutGroP6M191mHQrRClt1VbEYzQFX21BCk5kig9i/BURyoTHtFiV+t\n"
   "kbf4VLg8Vk9u/R3RU1HsYWhe\n"
   "-----END PRIVATE KEY-----\n";

const char* fixed_rsa_cert =
   "-----BEGIN CERTIFICATE-----\n"
   "MIIDUDCCAjgCCQD7pIb1ZsoafjANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJW\n"
   "VDEQMA4GA1UECAwHVmVybW9udDEWMBQGA1UEBwwNVGhlIEludGVybmV0czEUMBIG\n"
   "A1UECgwLTWFuZ29zIFIgVXMxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTAe\n"
   "Fw0xNjAxMDYxNzQ3MjNaFw0yNjAxMDMxNzQ3MjNaMGoxCzAJBgNVBAYTAlZUMRAw\n"
   "DgYDVQQIDAdWZXJtb250MRYwFAYDVQQHDA1UaGUgSW50ZXJuZXRzMRQwEgYDVQQK\n"
   "DAtNYW5nb3MgUiBVczEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMIIBIjAN\n"
   "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuqqqTEFSe8wiaEp6cYmtMjujOyH\n"
   "txRqj3HdA87ngvpFj77h0Pj6T+b3zuqqkWg1SCN+zxV+TVGUJhiv6wJu7KYyB0wj\n"
   "IKkmfKTddy1PJtYA8CHbvWpdei1zfc2Yweu7i5RZ9ra7S4tt+ItHJ8nhfCAtHM+7\n"
   "YAjszElRAXKiY5HYBq2d1lIDl3nFZtpV1a2JRImksRaeFThPZERXlaxCwo5jbXOI\n"
   "UXdcibBfrzmwrb8qhmEBNUHG9DFUkAwRzJIlFZjus7lu7XeXnzv9Tsp7UCRslWvk\n"
   "p1m5Eiwsm7WtiezK3hxDaxeRgNCtSi9eNEjUR3lon0TLjULmu6pilzAUxQIDAQAB\n"
   "MA0GCSqGSIb3DQEBCwUAA4IBAQA1eZGc/4V7z/E/6eG0hVkzoAZeuTcSP7WqBSx+\n"
   "OP2yh0163UYjoa6nehmkKYQQ9PbYPZGzIcl+dBFyYzy6jcp0NdtzpWnTFrjl4rMq\n"
   "akcQ1D0LTYjJXVP9G/vF/SvatOFeVTnQmLlLt/a8ZtRUINqejeZZPzH8ifzFW6tu\n"
   "mlhTVIEKyPHpxClh5Y3ubw/mZYygekFTqMkTx3FwJxKU8J6rYGZxanWAODUIvCUo\n"
   "Fxer1qC5Love3uWl3vXPLEZWZdORnExSRByzz2immBP2vX4zYZoeZRhTQ9ae1TIV\n"
   "Dk02a/1AOJZdZReDbgXhlqaUx5pk/rzo4mDzvu5HSCeXmClz\n"
   "-----END CERTIFICATE-----\n";

class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager
   {
   public:
      Fuzzer_TLS_Server_Creds()
         {
         Botan::DataSource_Memory cert_in(fixed_rsa_cert);
         Botan::DataSource_Memory key_in(fixed_rsa_key);

         m_rsa_cert.reset(new Botan::X509_Certificate(cert_in));
         //m_rsa_key.reset(Botan::PKCS8::load_key(key_in, fuzzer_rng());
         }

      std::vector<Botan::X509_Certificate> cert_chain(
         const std::vector<std::string>& algos,
         const std::string& /*type*/,
         const std::string& /*hostname*/) override
         {
         std::vector<Botan::X509_Certificate> v;

         for(auto algo : algos)
            {
            if(algo == "RSA")
               {
               v.push_back(*m_rsa_cert);
               break;
               }
            }

         return v;
         }

      Botan::Private_Key* private_key_for(const Botan::X509_Certificate& /*cert*/,
                                          const std::string& /*type*/,
                                          const std::string& /*context*/) override
         {
         return m_rsa_key.get();
         }

      std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }
      std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }
      Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override
         {
         return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899");
         }
   private:
      std::unique_ptr<Botan::X509_Certificate> m_rsa_cert;
      std::unique_ptr<Botan::Private_Key> m_rsa_key;
   };

class Fuzzer_TLS_Policy : public Botan::TLS::Policy
   {
   public:
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override
         {
         std::vector<uint16_t> ciphersuites;

         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites())
            {
            if(suite.valid())
               ciphersuites.push_back(suite.ciphersuite_code());
            }

         return ciphersuites;
         }
   };

class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks
   {
   public:
       void tls_emit_data(const uint8_t[], size_t) override
         {
         // discard
         }

      void tls_record_received(uint64_t, const uint8_t[], size_t) override
         {
         // ignore peer data
         }

      void tls_alert(Botan::TLS::Alert) override
         {
         // ignore alert
         }

      bool tls_session_established(const Botan::TLS::Session&) override
         {
         return true; // cache it
         }

      std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) override
         {
         if(client_protos.size() > 1)
            return client_protos[0];
         else
            return "fuzzy";
         }

      void tls_verify_cert_chain(
         const std::vector<Botan::X509_Certificate>& cert_chain,
         const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
         const std::vector<Botan::Certificate_Store*>& trusted_roots,
         Botan::Usage_Type usage,
         const std::string& hostname,
         const Botan::TLS::Policy& policy) override
         {
         try
            {
            // try to validate to exercise those code paths
            Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses,
                                                         trusted_roots, usage, hostname, policy);
            }
         catch(...)
            {
            // ignore validation result
            }
         }

   };

void fuzz(const uint8_t in[], size_t len)
   {
   if(len <= 1)
      return;

   Botan::TLS::Session_Manager_Noop session_manager;
   Fuzzer_TLS_Policy policy;
   Botan::TLS::Server_Information info("server.name", 443);
   Fuzzer_TLS_Server_Creds creds;
   Fuzzer_TLS_Server_Callbacks callbacks;

   const bool is_datagram = in[0] & 1;

   Botan::TLS::Server server(callbacks,
                             session_manager,
                             creds,
                             policy,
                             fuzzer_rng(),
                             is_datagram);

   try
      {
      server.received_data(in + 1, len - 1);
      }
   catch(std::exception& e)
      {
      }
   }

Coverage Report

Created: 2022-06-23 06:44

Line	Count	Source (jump to first uncovered line)
1		/*
2		* (C) 2015,2016 Jack Lloyd
3		*
4		* Botan is released under the Simplified BSD License (see license.txt)
5		*/
6
7		#include "fuzzers.h"
8		#include <botan/tls_server.h>
9		#include <botan/data_src.h>
10
11		const char* fixed_rsa_key =
12		"-----BEGIN PRIVATE KEY-----\n"
13		"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCe6qqpMQVJ7zCJ\n"
14		"oSnpxia0yO6M7Ie3FGqPcd0DzueC+kWPvuHQ+PpP5vfO6qqRaDVII37PFX5NUZQm\n"
15		"GK/rAm7spjIHTCMgqSZ8pN13LU8m1gDwIdu9al16LXN9zZjB67uLlFn2trtLi234\n"
16		"i0cnyeF8IC0cz7tgCOzMSVEBcqJjkdgGrZ3WUgOXecVm2lXVrYlEiaSxFp4VOE9k\n"
17		"RFeVrELCjmNtc4hRd1yJsF+vObCtvyqGYQE1Qcb0MVSQDBHMkiUVmO6zuW7td5ef\n"
18		"O/1OyntQJGyVa+SnWbkSLCybta2J7MreHENrF5GA0K1KL140SNRHeWifRMuNQua7\n"
19		"qmKXMBTFAgMBAAECggEAIk3fxyQI0zvpy1vZ01ft1QqmzA7nAPNMSWi33/GS8iga\n"
20		"SfxXfKeySPs/tQ/dAARxs//NiOBH4mLgyxR7LQzaawU5OXALCSraXv+ruuUx990s\n"
21		"WKnGaG4EfbJAAwEVn47Gbkv425P4fEc91vAhzQn8PbIoatbAyOtESpjs/pYDTeC/\n"
22		"mnJId8gqO90cqyRECEMjk9sQ8iEjWPlik4ayGlUVbeeMu6/pJ9F8IZEgkLZiNDAB\n"
23		"4anmOFaT7EmqUjI4IlcaqfbbXyDXlvWUYukidEss+CNvPuqbQHBDnpFVvBxdDR2N\n"
24		"Uj2D5Xd5blcIe2/+1IVRnznjoQ5zvutzb7ThBmMehQKBgQDOITKG0ht2kXLxjVoR\n"
25		"r/pVpx+f3hs3H7wE0+vrLHoQgkVjpMWXQ47YuZTT9rCOOYNI2cMoH2D27t1j78/B\n"
26		"9kGYABUVpvQQ+6amqJDI1eYI6e68TPueEDjeALfSCdmPNiI3lZZrCIK9XLpkoy8K\n"
27		"tGYBRRJ+JJxjj1zPXj9SGshPgwKBgQDFXUtoxY3mCStH3+0b1qxGG9r1L5goHEmd\n"
28		"Am8WBYDheNpL0VqPNzouhuM/ZWMGyyAs/py6aLATe+qhR1uX5vn7LVZwjCSONZ4j\n"
29		"7ieEEUh1BHetPI1oI5PxgokRYfVuckotqVseanI/536Er3Yf2FXNQ1/ceVp9WykX\n"
30		"3mYTKMhQFwKBgQDKakcXpZNaZ5IcKdZcsBZ/rdGcR5sqEnursf9lvRNQytwg8Vkn\n"
31		"JSxNHlBLpV/TCh8lltHRwJ6TXhUBYij+KzhWbx5FWOErHDOWTMmArqtp7W6GcoJT\n"
32		"wVJWjxXzp8CApYQMWVSQXpckJL7UvHohZO0WKiHyxTjde5aD++TqV2qEyQKBgBbD\n"
33		"jvoTpy08K4DLxCZs2Uvw1I1pIuylbpwsdrGciuP2s38BM6fHH+/T4Qwj3osfDKQD\n"
34		"7gHWJ1Dn/wUBHQBlRLoC3bB3iZPZfVb5lhc2gxv0GvWhQVIcoGi/vJ2DpfJKPmIL\n"
35		"4ZWdg3X5dm9JaZ98rVDSj5D3ckd5J0E4hp95GbmbAoGBAJJHM4O9lx60tIjw9Sf/\n"
36		"QmKWyUk0NLnt8DcgRMW7fVxtzPNDy9DBKGIkDdWZ2s+ForICA3C9WSxBC1EOEHGG\n"
37		"xkg2xKt66CeutGroP6M191mHQrRClt1VbEYzQFX21BCk5kig9i/BURyoTHtFiV+t\n"
38		"kbf4VLg8Vk9u/R3RU1HsYWhe\n"
39		"-----END PRIVATE KEY-----\n";
40
41		const char* fixed_rsa_cert =
42		"-----BEGIN CERTIFICATE-----\n"
43		"MIIDUDCCAjgCCQD7pIb1ZsoafjANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJW\n"
44		"VDEQMA4GA1UECAwHVmVybW9udDEWMBQGA1UEBwwNVGhlIEludGVybmV0czEUMBIG\n"
45		"A1UECgwLTWFuZ29zIFIgVXMxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTAe\n"
46		"Fw0xNjAxMDYxNzQ3MjNaFw0yNjAxMDMxNzQ3MjNaMGoxCzAJBgNVBAYTAlZUMRAw\n"
47		"DgYDVQQIDAdWZXJtb250MRYwFAYDVQQHDA1UaGUgSW50ZXJuZXRzMRQwEgYDVQQK\n"
48		"DAtNYW5nb3MgUiBVczEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMIIBIjAN\n"
49		"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuqqqTEFSe8wiaEp6cYmtMjujOyH\n"
50		"txRqj3HdA87ngvpFj77h0Pj6T+b3zuqqkWg1SCN+zxV+TVGUJhiv6wJu7KYyB0wj\n"
51		"IKkmfKTddy1PJtYA8CHbvWpdei1zfc2Yweu7i5RZ9ra7S4tt+ItHJ8nhfCAtHM+7\n"
52		"YAjszElRAXKiY5HYBq2d1lIDl3nFZtpV1a2JRImksRaeFThPZERXlaxCwo5jbXOI\n"
53		"UXdcibBfrzmwrb8qhmEBNUHG9DFUkAwRzJIlFZjus7lu7XeXnzv9Tsp7UCRslWvk\n"
54		"p1m5Eiwsm7WtiezK3hxDaxeRgNCtSi9eNEjUR3lon0TLjULmu6pilzAUxQIDAQAB\n"
55		"MA0GCSqGSIb3DQEBCwUAA4IBAQA1eZGc/4V7z/E/6eG0hVkzoAZeuTcSP7WqBSx+\n"
56		"OP2yh0163UYjoa6nehmkKYQQ9PbYPZGzIcl+dBFyYzy6jcp0NdtzpWnTFrjl4rMq\n"
57		"akcQ1D0LTYjJXVP9G/vF/SvatOFeVTnQmLlLt/a8ZtRUINqejeZZPzH8ifzFW6tu\n"
58		"mlhTVIEKyPHpxClh5Y3ubw/mZYygekFTqMkTx3FwJxKU8J6rYGZxanWAODUIvCUo\n"
59		"Fxer1qC5Love3uWl3vXPLEZWZdORnExSRByzz2immBP2vX4zYZoeZRhTQ9ae1TIV\n"
60		"Dk02a/1AOJZdZReDbgXhlqaUx5pk/rzo4mDzvu5HSCeXmClz\n"
61		"-----END CERTIFICATE-----\n";
62
63		class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager
64		{
65		public:
66		Fuzzer_TLS_Server_Creds()
67	4.53k	{
68	4.53k	Botan::DataSource_Memory cert_in(fixed_rsa_cert);
69	4.53k	Botan::DataSource_Memory key_in(fixed_rsa_key);
70
71	4.53k	m_rsa_cert.reset(new Botan::X509_Certificate(cert_in));
72		//m_rsa_key.reset(Botan::PKCS8::load_key(key_in, fuzzer_rng());
73	4.53k	}
74
75		std::vector<Botan::X509_Certificate> cert_chain(
76		const std::vector<std::string>& algos,
77		const std::string& /type/,
78		const std::string& /hostname/) override
79	59.8k	{
80	59.8k	std::vector<Botan::X509_Certificate> v;
81
82	59.8k	for(auto algo : algos)
83	59.8k	{
84	59.8k	if(algo == "RSA")
85	19.9k	{
86	19.9k	v.push_back(*m_rsa_cert);
87	19.9k	break;
88	19.9k	}
89	59.8k	}
90
91	59.8k	return v;
92	59.8k	}
93
94		Botan::Private_Key* private_key_for(const Botan::X509_Certificate& /cert/,
95		const std::string& /type/,
96		const std::string& /context/) override
97	91	{
98	91	return m_rsa_key.get();
99	91	}
100
101	19.6k	std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }
102	0	std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }
103		Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override
104	41.3k	{
105	41.3k	return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899");
106	41.3k	}
107		private:
108		std::unique_ptr<Botan::X509_Certificate> m_rsa_cert;
109		std::unique_ptr<Botan::Private_Key> m_rsa_key;
110		};
111
112		class Fuzzer_TLS_Policy : public Botan::TLS::Policy
113		{
114		public:
115		std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override
116	19.9k	{
117	19.9k	std::vector<uint16_t> ciphersuites;
118
119	19.9k	for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites())
120	1.89M	{
121	1.89M	if(suite.valid())
122	1.89M	ciphersuites.push_back(suite.ciphersuite_code());
123	1.89M	}
124
125	19.9k	return ciphersuites;
126	19.9k	}
127		};
128
129		class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks
130		{
131		public:
132		void tls_emit_data(const uint8_t[], size_t) override
133	63.5k	{
134		// discard
135	63.5k	}
136
137		void tls_record_received(uint64_t, const uint8_t[], size_t) override
138	0	{
139		// ignore peer data
140	0	}
141
142		void tls_alert(Botan::TLS::Alert) override
143	18.9k	{
144		// ignore alert
145	18.9k	}
146
147		bool tls_session_established(const Botan::TLS::Session&) override
148	308	{
149	308	return true; // cache it
150	308	}
151
152		std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) override
153	3.42k	{
154	3.42k	if(client_protos.size() > 1)
155	22	return client_protos[0];
156	3.40k	else
157	3.40k	return "fuzzy";
158	3.42k	}
159
160		void tls_verify_cert_chain(
161		const std::vector<Botan::X509_Certificate>& cert_chain,
162		const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
163		const std::vector<Botan::Certificate_Store*>& trusted_roots,
164		Botan::Usage_Type usage,
165		const std::string& hostname,
166		const Botan::TLS::Policy& policy) override
167	0	{
168	0	try
169	0	{
170		// try to validate to exercise those code paths
171	0	Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses,
172	0	trusted_roots, usage, hostname, policy);
173	0	}
174	0	catch(...)
175	0	{
176		// ignore validation result
177	0	}
178	0	}
179
180		};
181
182		void fuzz(const uint8_t in[], size_t len)
183	4.53k	{
184	4.53k	if(len <= 1)
185	1	return;
186
187	4.53k	Botan::TLS::Session_Manager_Noop session_manager;
188	4.53k	Fuzzer_TLS_Policy policy;
189	4.53k	Botan::TLS::Server_Information info("server.name", 443);
190	4.53k	Fuzzer_TLS_Server_Creds creds;
191	4.53k	Fuzzer_TLS_Server_Callbacks callbacks;
192
193	4.53k	const bool is_datagram = in[0] & 1;
194
195	4.53k	Botan::TLS::Server server(callbacks,
196	4.53k	session_manager,
197	4.53k	creds,
198	4.53k	policy,
199	4.53k	fuzzer_rng(),
200	4.53k	is_datagram);
201
202	4.53k	try
203	4.53k	{
204	4.53k	server.received_data(in + 1, len - 1);
205	4.53k	}
206	4.53k	catch(std::exception& e)
207	4.53k	{
208	2.44k	}
209	4.53k	}