1 #define MAX_KEY_LEN 46 2 #define EXTRACT(dest, src, srcsize, copysize) \ 3 { \ 4 memcpy((dest), (src), (copysize)); \ 5 (src) += (copysize); \ 6 (srcsize) -= (copysize); \ 7 } 8 9 /* Extract data if src contains sufficient bytes, otherwise go to end */ 10 #define EXTRACT_IF(dest, src, srcsize, copysize) \ 11 { \ 12 if ((srcsize) < (copysize)) { \ 13 goto end; \ 14 } else { \ 15 EXTRACT((dest), (src), (srcsize), (copysize)); \ 16 } \ 17 } 18 #include <stdint.h> 19 #if UINTPTR_MAX == 0xffffffff 20 #define FUZZ_32BIT 21 #elif UINTPTR_MAX == 0xffffffffffffffff 22 #else 23 #error "Cannot detect word size" 24 #endif 25 26 typedef srtp_err_status_t ( 27 *fuzz_srtp_func)(srtp_t, void *, int *, uint8_t, unsigned int); 28 typedef void (*fuzz_srtp_crypto_policy_func)(srtp_crypto_policy_t *); 29 typedef srtp_err_status_t (*fuzz_srtp_get_length_func)(const srtp_t, 30 uint8_t, 31 unsigned int, 32 uint32_t *); 33 34 struct fuzz_srtp_params { 35 uint8_t srtp_func; 36 uint8_t srtp_crypto_policy_func; 37 uint16_t window_size; 38 uint8_t allow_repeat_tx; 39 uint8_t ssrc_type; 40 unsigned int ssrc_value; 41 uint8_t key[MAX_KEY_LEN]; 42 uint8_t mki; 43 }; 44 45 static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender, 46 void *hdr, 47 int *len, 48 uint8_t use_mki, 49 unsigned int mki); 50 static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender, 51 void *hdr, 52 int *len, 53 uint8_t use_mki, 54 unsigned int mki); 55 static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender, 56 void *hdr, 57 int *len, 58 uint8_t use_mki, 59 unsigned int mki); 60 static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender, 61 void *hdr, 62 int *len, 63 uint8_t use_mki, 64 unsigned int mki); 65 static srtp_err_status_t fuzz_srtp_protect_mki(srtp_t srtp_sender, 66 void *hdr, 67 int *len, 68 uint8_t use_mki, 69 unsigned int mki); 70 static srtp_err_status_t fuzz_srtp_protect_rtcp_mki(srtp_t srtp_sender, 71 void *hdr, 72 int *len, 73 uint8_t use_mki, 74 unsigned int mki); 75 static srtp_err_status_t fuzz_srtp_unprotect_mki(srtp_t srtp_sender, 76 void *hdr, 77 int *len, 78 uint8_t use_mki, 79 unsigned int mki); 80 static srtp_err_status_t fuzz_srtp_unprotect_rtcp_mki(srtp_t srtp_sender, 81 void *hdr, 82 int *len, 83 uint8_t use_mki, 84 unsigned int mki); 85 86 static srtp_err_status_t fuzz_srtp_get_protect_length(const srtp_t srtp_ctx, 87 uint8_t use_mki, 88 unsigned int mki, 89 uint32_t *length); 90 static srtp_err_status_t fuzz_srtp_get_protect_mki_length(const srtp_t srtp_ctx, 91 uint8_t use_mki, 92 unsigned int mki, 93 uint32_t *length); 94 static srtp_err_status_t fuzz_srtp_get_protect_rtcp_length( 95 const srtp_t srtp_ctx, 96 uint8_t use_mki, 97 unsigned int mki, 98 uint32_t *length); 99 static srtp_err_status_t fuzz_srtp_get_protect_rtcp_mki_length( 100 const srtp_t srtp_ctx, 101 uint8_t use_mki, 102 unsigned int mki, 103 uint32_t *length); 104 105 struct fuzz_srtp_func_ext { 106 fuzz_srtp_func srtp_func; 107 bool protect; 108 fuzz_srtp_get_length_func get_length; 109 }; 110 111 const struct fuzz_srtp_func_ext srtp_funcs[] = { 112 { fuzz_srtp_protect, true, fuzz_srtp_get_protect_length }, 113 { fuzz_srtp_unprotect, false, NULL }, 114 { fuzz_srtp_protect_rtcp, true, fuzz_srtp_get_protect_rtcp_length }, 115 { fuzz_srtp_unprotect_rtcp, false, NULL }, 116 { fuzz_srtp_protect_mki, true, fuzz_srtp_get_protect_mki_length }, 117 { fuzz_srtp_unprotect_mki, false, NULL }, 118 { fuzz_srtp_protect_rtcp_mki, true, fuzz_srtp_get_protect_rtcp_mki_length }, 119 { fuzz_srtp_unprotect_rtcp_mki, false, NULL } 120 }; 121 122 struct fuzz_srtp_crypto_policy_func_ext { 123 fuzz_srtp_crypto_policy_func crypto_policy_func; 124 const char *name; 125 }; 126 127 const struct fuzz_srtp_crypto_policy_func_ext fuzz_srtp_crypto_policies[] = { 128 { srtp_crypto_policy_set_rtp_default, "" }, 129 { srtp_crypto_policy_set_rtcp_default, "" }, 130 { srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32, 131 "srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32" }, 132 { srtp_crypto_policy_set_aes_cm_128_null_auth, 133 "srtp_crypto_policy_set_aes_cm_128_null_auth" }, 134 { srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32, 135 "srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32" }, 136 { srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80, 137 "srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80" }, 138 { srtp_crypto_policy_set_aes_cm_256_null_auth, 139 "srtp_crypto_policy_set_aes_cm_256_null_auth" }, 140 { srtp_crypto_policy_set_null_cipher_hmac_null, 141 "srtp_crypto_policy_set_null_cipher_hmac_null" }, 142 { srtp_crypto_policy_set_null_cipher_hmac_sha1_80, 143 "srtp_crypto_policy_set_null_cipher_hmac_sha1_80" }, 144 #ifdef OPENSSL 145 { srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32, 146 "srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32" }, 147 { srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80, 148 "srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80" }, 149 { srtp_crypto_policy_set_aes_cm_192_null_auth, 150 "srtp_crypto_policy_set_aes_cm_192_null_auth" }, 151 { srtp_crypto_policy_set_aes_gcm_128_16_auth, 152 "srtp_crypto_policy_set_aes_gcm_128_16_auth" }, 153 { srtp_crypto_policy_set_aes_gcm_128_8_auth, 154 "srtp_crypto_policy_set_aes_gcm_128_8_auth" }, 155 { srtp_crypto_policy_set_aes_gcm_128_8_only_auth, 156 "srtp_crypto_policy_set_aes_gcm_128_8_only_auth" }, 157 { srtp_crypto_policy_set_aes_gcm_256_16_auth, 158 "srtp_crypto_policy_set_aes_gcm_256_16_auth" }, 159 { srtp_crypto_policy_set_aes_gcm_256_8_auth, 160 "srtp_crypto_policy_set_aes_gcm_256_8_auth" }, 161 { srtp_crypto_policy_set_aes_gcm_256_8_only_auth, 162 "srtp_crypto_policy_set_aes_gcm_256_8_only_auth" }, 163 #endif 164 }; 165 166 struct fuzz_srtp_ssrc_type_ext { 167 srtp_ssrc_type_t srtp_ssrc_type; 168 const char *name; 169 }; 170 171 const struct fuzz_srtp_ssrc_type_ext fuzz_ssrc_type_map[] = { 172 { ssrc_undefined, "ssrc_undefined" }, 173 { ssrc_specific, "ssrc_specific" }, 174 { ssrc_any_inbound, "ssrc_any_inbound" }, 175 { ssrc_any_outbound, "ssrc_any_outbound" }, 176 }; 177