xref: /aosp_15_r20/external/cronet/testing/libfuzzer/fuzzers/libsrtp_fuzzer.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1*6777b538SAndroid Build Coastguard Worker // Copyright 2016 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #include <assert.h>
6*6777b538SAndroid Build Coastguard Worker #include <stddef.h>
7*6777b538SAndroid Build Coastguard Worker #include <stdint.h>
8*6777b538SAndroid Build Coastguard Worker 
9*6777b538SAndroid Build Coastguard Worker #include <algorithm>
10*6777b538SAndroid Build Coastguard Worker #include <vector>
11*6777b538SAndroid Build Coastguard Worker 
12*6777b538SAndroid Build Coastguard Worker #include "third_party/libsrtp/include/srtp.h"
13*6777b538SAndroid Build Coastguard Worker #include "third_party/libsrtp/include/srtp_priv.h"
14*6777b538SAndroid Build Coastguard Worker #include "third_party/libsrtp/test/rtp.h"
15*6777b538SAndroid Build Coastguard Worker 
16*6777b538SAndroid Build Coastguard Worker // TODO(katrielc) Also test the authenticated path, which is what
17*6777b538SAndroid Build Coastguard Worker // WebRTC uses.  This is nontrivial because you need to bypass the MAC
18*6777b538SAndroid Build Coastguard Worker // check. Two options: add a UNSAFE_FUZZER_MODE flag to libsrtp (or
19*6777b538SAndroid Build Coastguard Worker // the chromium fork of it), or compute the HMAC of whatever gibberish
20*6777b538SAndroid Build Coastguard Worker // the fuzzer produces and write it into the packet manually.
21*6777b538SAndroid Build Coastguard Worker 
22*6777b538SAndroid Build Coastguard Worker namespace LibSrtpFuzzer {
23*6777b538SAndroid Build Coastguard Worker enum CryptoPolicy {
24*6777b538SAndroid Build Coastguard Worker   NONE,
25*6777b538SAndroid Build Coastguard Worker   LIKE_WEBRTC,
26*6777b538SAndroid Build Coastguard Worker   LIKE_WEBRTC_SHORT_AUTH,
27*6777b538SAndroid Build Coastguard Worker   LIKE_WEBRTC_WITHOUT_AUTH,
28*6777b538SAndroid Build Coastguard Worker   AES_128_GCM,
29*6777b538SAndroid Build Coastguard Worker   AES_256_GCM,
30*6777b538SAndroid Build Coastguard Worker   NUMBER_OF_POLICIES,
31*6777b538SAndroid Build Coastguard Worker };
32*6777b538SAndroid Build Coastguard Worker }
33*6777b538SAndroid Build Coastguard Worker 
GetKeyLength(LibSrtpFuzzer::CryptoPolicy crypto_policy)34*6777b538SAndroid Build Coastguard Worker static size_t GetKeyLength(LibSrtpFuzzer::CryptoPolicy crypto_policy) {
35*6777b538SAndroid Build Coastguard Worker   switch (crypto_policy) {
36*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::NUMBER_OF_POLICIES:
37*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::NONE:
38*6777b538SAndroid Build Coastguard Worker       return 0;
39*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::LIKE_WEBRTC:
40*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::LIKE_WEBRTC_SHORT_AUTH:
41*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
42*6777b538SAndroid Build Coastguard Worker       return SRTP_AES_ICM_128_KEY_LEN_WSALT;
43*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::AES_128_GCM:
44*6777b538SAndroid Build Coastguard Worker       return SRTP_AES_GCM_128_KEY_LEN_WSALT;
45*6777b538SAndroid Build Coastguard Worker     case LibSrtpFuzzer::AES_256_GCM:
46*6777b538SAndroid Build Coastguard Worker       return SRTP_AES_GCM_256_KEY_LEN_WSALT;
47*6777b538SAndroid Build Coastguard Worker   }
48*6777b538SAndroid Build Coastguard Worker }
49*6777b538SAndroid Build Coastguard Worker 
50*6777b538SAndroid Build Coastguard Worker struct Environment {
GetCryptoPolicyEnvironment51*6777b538SAndroid Build Coastguard Worker   srtp_policy_t GetCryptoPolicy(LibSrtpFuzzer::CryptoPolicy crypto_policy,
52*6777b538SAndroid Build Coastguard Worker                                 const unsigned char* replacement_key,
53*6777b538SAndroid Build Coastguard Worker                                 size_t key_length) {
54*6777b538SAndroid Build Coastguard Worker     switch (crypto_policy) {
55*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::NUMBER_OF_POLICIES:
56*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::NONE:
57*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtp);
58*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtcp);
59*6777b538SAndroid Build Coastguard Worker         break;
60*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::LIKE_WEBRTC:
61*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
62*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
63*6777b538SAndroid Build Coastguard Worker         break;
64*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::LIKE_WEBRTC_SHORT_AUTH:
65*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
66*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtcp);
67*6777b538SAndroid Build Coastguard Worker         break;
68*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
69*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
70*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtcp);
71*6777b538SAndroid Build Coastguard Worker         break;
72*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::AES_128_GCM:
73*6777b538SAndroid Build Coastguard Worker         // There was a security bug in the GCM mode in libsrtp 1.5.2.
74*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
75*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
76*6777b538SAndroid Build Coastguard Worker         break;
77*6777b538SAndroid Build Coastguard Worker       case LibSrtpFuzzer::AES_256_GCM:
78*6777b538SAndroid Build Coastguard Worker         // WebRTC uses AES-256-GCM by default if GCM ciphers are enabled.
79*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
80*6777b538SAndroid Build Coastguard Worker         srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
81*6777b538SAndroid Build Coastguard Worker         break;
82*6777b538SAndroid Build Coastguard Worker     }
83*6777b538SAndroid Build Coastguard Worker 
84*6777b538SAndroid Build Coastguard Worker     assert(static_cast<size_t>(policy.rtp.cipher_key_len) == key_length);
85*6777b538SAndroid Build Coastguard Worker     assert(static_cast<size_t>(policy.rtcp.cipher_key_len) == key_length);
86*6777b538SAndroid Build Coastguard Worker     memcpy(key, replacement_key, key_length);
87*6777b538SAndroid Build Coastguard Worker     return policy;
88*6777b538SAndroid Build Coastguard Worker   }
89*6777b538SAndroid Build Coastguard Worker 
EnvironmentEnvironment90*6777b538SAndroid Build Coastguard Worker   Environment() {
91*6777b538SAndroid Build Coastguard Worker     srtp_init();
92*6777b538SAndroid Build Coastguard Worker 
93*6777b538SAndroid Build Coastguard Worker     memset(&policy, 0, sizeof(policy));
94*6777b538SAndroid Build Coastguard Worker     policy.allow_repeat_tx = 1;
95*6777b538SAndroid Build Coastguard Worker     policy.ekt = nullptr;
96*6777b538SAndroid Build Coastguard Worker     policy.key = key;
97*6777b538SAndroid Build Coastguard Worker     policy.next = nullptr;
98*6777b538SAndroid Build Coastguard Worker     policy.ssrc.type = ssrc_any_inbound;
99*6777b538SAndroid Build Coastguard Worker     policy.ssrc.value = 0xdeadbeef;
100*6777b538SAndroid Build Coastguard Worker     policy.window_size = 1024;
101*6777b538SAndroid Build Coastguard Worker   }
102*6777b538SAndroid Build Coastguard Worker 
103*6777b538SAndroid Build Coastguard Worker  private:
104*6777b538SAndroid Build Coastguard Worker   srtp_policy_t policy;
105*6777b538SAndroid Build Coastguard Worker   unsigned char key[SRTP_MAX_KEY_LEN] = {0};
106*6777b538SAndroid Build Coastguard Worker 
srtp_crypto_policy_set_null_cipher_null_authEnvironment107*6777b538SAndroid Build Coastguard Worker   static void srtp_crypto_policy_set_null_cipher_null_auth(
108*6777b538SAndroid Build Coastguard Worker       srtp_crypto_policy_t* p) {
109*6777b538SAndroid Build Coastguard Worker     p->cipher_type = SRTP_NULL_CIPHER;
110*6777b538SAndroid Build Coastguard Worker     p->cipher_key_len = 0;
111*6777b538SAndroid Build Coastguard Worker     p->auth_type = SRTP_NULL_AUTH;
112*6777b538SAndroid Build Coastguard Worker     p->auth_key_len = 0;
113*6777b538SAndroid Build Coastguard Worker     p->auth_tag_len = 0;
114*6777b538SAndroid Build Coastguard Worker     p->sec_serv = sec_serv_none;
115*6777b538SAndroid Build Coastguard Worker   }
116*6777b538SAndroid Build Coastguard Worker };
117*6777b538SAndroid Build Coastguard Worker 
ReadLength(const uint8_t * data,size_t size)118*6777b538SAndroid Build Coastguard Worker size_t ReadLength(const uint8_t* data, size_t size) {
119*6777b538SAndroid Build Coastguard Worker   // Read one byte of input and interpret it as a length to read from
120*6777b538SAndroid Build Coastguard Worker   // data. Don't return more bytes than are available.
121*6777b538SAndroid Build Coastguard Worker   size_t n = static_cast<size_t>(data[0]);
122*6777b538SAndroid Build Coastguard Worker   return std::min(n, size - 1);
123*6777b538SAndroid Build Coastguard Worker }
124*6777b538SAndroid Build Coastguard Worker 
125*6777b538SAndroid Build Coastguard Worker Environment* env = new Environment();
126*6777b538SAndroid Build Coastguard Worker 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)127*6777b538SAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
128*6777b538SAndroid Build Coastguard Worker   // Read one byte and use it to choose a crypto policy.
129*6777b538SAndroid Build Coastguard Worker   if (size <= 2 + SRTP_MAX_KEY_LEN)
130*6777b538SAndroid Build Coastguard Worker     return 0;
131*6777b538SAndroid Build Coastguard Worker   LibSrtpFuzzer::CryptoPolicy policy = static_cast<LibSrtpFuzzer::CryptoPolicy>(
132*6777b538SAndroid Build Coastguard Worker       data[0] % LibSrtpFuzzer::NUMBER_OF_POLICIES);
133*6777b538SAndroid Build Coastguard Worker   data += 1;
134*6777b538SAndroid Build Coastguard Worker   size -= 1;
135*6777b538SAndroid Build Coastguard Worker 
136*6777b538SAndroid Build Coastguard Worker   // Read some more bytes to use as a key.
137*6777b538SAndroid Build Coastguard Worker   size_t key_length = GetKeyLength(policy);
138*6777b538SAndroid Build Coastguard Worker   srtp_policy_t srtp_policy = env->GetCryptoPolicy(policy, data, key_length);
139*6777b538SAndroid Build Coastguard Worker   data += SRTP_MAX_KEY_LEN;
140*6777b538SAndroid Build Coastguard Worker   size -= SRTP_MAX_KEY_LEN;
141*6777b538SAndroid Build Coastguard Worker 
142*6777b538SAndroid Build Coastguard Worker   // Read one byte and use as number of encrypted header extensions.
143*6777b538SAndroid Build Coastguard Worker   uint8_t num_encrypted_headers = data[0];
144*6777b538SAndroid Build Coastguard Worker   data += 1;
145*6777b538SAndroid Build Coastguard Worker   size -= 1;
146*6777b538SAndroid Build Coastguard Worker   if (num_encrypted_headers > 0) {
147*6777b538SAndroid Build Coastguard Worker     // Use next bytes as extension ids.
148*6777b538SAndroid Build Coastguard Worker     if (size <= num_encrypted_headers)
149*6777b538SAndroid Build Coastguard Worker       return 0;
150*6777b538SAndroid Build Coastguard Worker     srtp_policy.enc_xtn_hdr_count = static_cast<int>(num_encrypted_headers);
151*6777b538SAndroid Build Coastguard Worker     srtp_policy.enc_xtn_hdr =
152*6777b538SAndroid Build Coastguard Worker         static_cast<int*>(malloc(srtp_policy.enc_xtn_hdr_count * sizeof(int)));
153*6777b538SAndroid Build Coastguard Worker     assert(srtp_policy.enc_xtn_hdr);
154*6777b538SAndroid Build Coastguard Worker     for (int i = 0; i < srtp_policy.enc_xtn_hdr_count; ++i) {
155*6777b538SAndroid Build Coastguard Worker       srtp_policy.enc_xtn_hdr[i] = static_cast<int>(data[i]);
156*6777b538SAndroid Build Coastguard Worker     }
157*6777b538SAndroid Build Coastguard Worker     data += srtp_policy.enc_xtn_hdr_count;
158*6777b538SAndroid Build Coastguard Worker     size -= srtp_policy.enc_xtn_hdr_count;
159*6777b538SAndroid Build Coastguard Worker   }
160*6777b538SAndroid Build Coastguard Worker 
161*6777b538SAndroid Build Coastguard Worker   srtp_t session;
162*6777b538SAndroid Build Coastguard Worker   srtp_err_status_t error = srtp_create(&session, &srtp_policy);
163*6777b538SAndroid Build Coastguard Worker   free(srtp_policy.enc_xtn_hdr);
164*6777b538SAndroid Build Coastguard Worker   if (error != srtp_err_status_ok) {
165*6777b538SAndroid Build Coastguard Worker     assert(false);
166*6777b538SAndroid Build Coastguard Worker     return 0;
167*6777b538SAndroid Build Coastguard Worker   }
168*6777b538SAndroid Build Coastguard Worker 
169*6777b538SAndroid Build Coastguard Worker   // Read one byte as a packet length N, then feed the next N bytes
170*6777b538SAndroid Build Coastguard Worker   // into srtp_unprotect. Keep going until we run out of data.
171*6777b538SAndroid Build Coastguard Worker   size_t packet_size;
172*6777b538SAndroid Build Coastguard Worker   while (size > 0 && (packet_size = ReadLength(data, size)) > 0) {
173*6777b538SAndroid Build Coastguard Worker     // One byte was used by ReadLength.
174*6777b538SAndroid Build Coastguard Worker     data++;
175*6777b538SAndroid Build Coastguard Worker     size--;
176*6777b538SAndroid Build Coastguard Worker 
177*6777b538SAndroid Build Coastguard Worker     size_t header_size = std::min(sizeof(srtp_hdr_t), packet_size);
178*6777b538SAndroid Build Coastguard Worker     size_t body_size = packet_size - header_size;
179*6777b538SAndroid Build Coastguard Worker 
180*6777b538SAndroid Build Coastguard Worker     // We deliberately do not initialise this struct. MSAN will catch
181*6777b538SAndroid Build Coastguard Worker     // usage of the uninitialised memory.
182*6777b538SAndroid Build Coastguard Worker     rtp_msg_t message;
183*6777b538SAndroid Build Coastguard Worker     memcpy(&message.header, data, header_size);
184*6777b538SAndroid Build Coastguard Worker     memcpy(&message.body, data + header_size, body_size);
185*6777b538SAndroid Build Coastguard Worker 
186*6777b538SAndroid Build Coastguard Worker     int out_len = static_cast<int>(packet_size);
187*6777b538SAndroid Build Coastguard Worker     srtp_unprotect(session, &message, &out_len);
188*6777b538SAndroid Build Coastguard Worker 
189*6777b538SAndroid Build Coastguard Worker     // |packet_size| bytes were used above.
190*6777b538SAndroid Build Coastguard Worker     data += packet_size;
191*6777b538SAndroid Build Coastguard Worker     size -= packet_size;
192*6777b538SAndroid Build Coastguard Worker   }
193*6777b538SAndroid Build Coastguard Worker 
194*6777b538SAndroid Build Coastguard Worker   srtp_dealloc(session);
195*6777b538SAndroid Build Coastguard Worker   return 0;
196*6777b538SAndroid Build Coastguard Worker }
197