1*90e502c7SAndroid Build Coastguard Worker #define MAX_KEY_LEN 46 2*90e502c7SAndroid Build Coastguard Worker #define EXTRACT(dest, src, srcsize, copysize) \ 3*90e502c7SAndroid Build Coastguard Worker { \ 4*90e502c7SAndroid Build Coastguard Worker memcpy((dest), (src), (copysize)); \ 5*90e502c7SAndroid Build Coastguard Worker (src) += (copysize); \ 6*90e502c7SAndroid Build Coastguard Worker (srcsize) -= (copysize); \ 7*90e502c7SAndroid Build Coastguard Worker } 8*90e502c7SAndroid Build Coastguard Worker 9*90e502c7SAndroid Build Coastguard Worker /* Extract data if src contains sufficient bytes, otherwise go to end */ 10*90e502c7SAndroid Build Coastguard Worker #define EXTRACT_IF(dest, src, srcsize, copysize) \ 11*90e502c7SAndroid Build Coastguard Worker { \ 12*90e502c7SAndroid Build Coastguard Worker if ((srcsize) < (copysize)) { \ 13*90e502c7SAndroid Build Coastguard Worker goto end; \ 14*90e502c7SAndroid Build Coastguard Worker } else { \ 15*90e502c7SAndroid Build Coastguard Worker EXTRACT((dest), (src), (srcsize), (copysize)); \ 16*90e502c7SAndroid Build Coastguard Worker } \ 17*90e502c7SAndroid Build Coastguard Worker } 18*90e502c7SAndroid Build Coastguard Worker #include <stdint.h> 19*90e502c7SAndroid Build Coastguard Worker #if UINTPTR_MAX == 0xffffffff 20*90e502c7SAndroid Build Coastguard Worker #define FUZZ_32BIT 21*90e502c7SAndroid Build Coastguard Worker #elif UINTPTR_MAX == 0xffffffffffffffff 22*90e502c7SAndroid Build Coastguard Worker #else 23*90e502c7SAndroid Build Coastguard Worker #error "Cannot detect word size" 24*90e502c7SAndroid Build Coastguard Worker #endif 25*90e502c7SAndroid Build Coastguard Worker 26*90e502c7SAndroid Build Coastguard Worker typedef srtp_err_status_t ( 27*90e502c7SAndroid Build Coastguard Worker *fuzz_srtp_func)(srtp_t, void *, int *, uint8_t, unsigned int); 28*90e502c7SAndroid Build Coastguard Worker typedef void (*fuzz_srtp_crypto_policy_func)(srtp_crypto_policy_t *); 29*90e502c7SAndroid Build Coastguard Worker typedef srtp_err_status_t (*fuzz_srtp_get_length_func)(const srtp_t, 30*90e502c7SAndroid Build Coastguard Worker uint8_t, 31*90e502c7SAndroid Build Coastguard Worker unsigned int, 32*90e502c7SAndroid Build Coastguard Worker uint32_t *); 33*90e502c7SAndroid Build Coastguard Worker 34*90e502c7SAndroid Build Coastguard Worker struct fuzz_srtp_params { 35*90e502c7SAndroid Build Coastguard Worker uint8_t srtp_func; 36*90e502c7SAndroid Build Coastguard Worker uint8_t srtp_crypto_policy_func; 37*90e502c7SAndroid Build Coastguard Worker uint16_t window_size; 38*90e502c7SAndroid Build Coastguard Worker uint8_t allow_repeat_tx; 39*90e502c7SAndroid Build Coastguard Worker uint8_t ssrc_type; 40*90e502c7SAndroid Build Coastguard Worker unsigned int ssrc_value; 41*90e502c7SAndroid Build Coastguard Worker uint8_t key[MAX_KEY_LEN]; 42*90e502c7SAndroid Build Coastguard Worker uint8_t mki; 43*90e502c7SAndroid Build Coastguard Worker }; 44*90e502c7SAndroid Build Coastguard Worker 45*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender, 46*90e502c7SAndroid Build Coastguard Worker void *hdr, 47*90e502c7SAndroid Build Coastguard Worker int *len, 48*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 49*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 50*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender, 51*90e502c7SAndroid Build Coastguard Worker void *hdr, 52*90e502c7SAndroid Build Coastguard Worker int *len, 53*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 54*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 55*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender, 56*90e502c7SAndroid Build Coastguard Worker void *hdr, 57*90e502c7SAndroid Build Coastguard Worker int *len, 58*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 59*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 60*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender, 61*90e502c7SAndroid Build Coastguard Worker void *hdr, 62*90e502c7SAndroid Build Coastguard Worker int *len, 63*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 64*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 65*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_protect_mki(srtp_t srtp_sender, 66*90e502c7SAndroid Build Coastguard Worker void *hdr, 67*90e502c7SAndroid Build Coastguard Worker int *len, 68*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 69*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 70*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_protect_rtcp_mki(srtp_t srtp_sender, 71*90e502c7SAndroid Build Coastguard Worker void *hdr, 72*90e502c7SAndroid Build Coastguard Worker int *len, 73*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 74*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 75*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_unprotect_mki(srtp_t srtp_sender, 76*90e502c7SAndroid Build Coastguard Worker void *hdr, 77*90e502c7SAndroid Build Coastguard Worker int *len, 78*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 79*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 80*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_unprotect_rtcp_mki(srtp_t srtp_sender, 81*90e502c7SAndroid Build Coastguard Worker void *hdr, 82*90e502c7SAndroid Build Coastguard Worker int *len, 83*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 84*90e502c7SAndroid Build Coastguard Worker unsigned int mki); 85*90e502c7SAndroid Build Coastguard Worker 86*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_get_protect_length(const srtp_t srtp_ctx, 87*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 88*90e502c7SAndroid Build Coastguard Worker unsigned int mki, 89*90e502c7SAndroid Build Coastguard Worker uint32_t *length); 90*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_get_protect_mki_length(const srtp_t srtp_ctx, 91*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 92*90e502c7SAndroid Build Coastguard Worker unsigned int mki, 93*90e502c7SAndroid Build Coastguard Worker uint32_t *length); 94*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_get_protect_rtcp_length( 95*90e502c7SAndroid Build Coastguard Worker const srtp_t srtp_ctx, 96*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 97*90e502c7SAndroid Build Coastguard Worker unsigned int mki, 98*90e502c7SAndroid Build Coastguard Worker uint32_t *length); 99*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t fuzz_srtp_get_protect_rtcp_mki_length( 100*90e502c7SAndroid Build Coastguard Worker const srtp_t srtp_ctx, 101*90e502c7SAndroid Build Coastguard Worker uint8_t use_mki, 102*90e502c7SAndroid Build Coastguard Worker unsigned int mki, 103*90e502c7SAndroid Build Coastguard Worker uint32_t *length); 104*90e502c7SAndroid Build Coastguard Worker 105*90e502c7SAndroid Build Coastguard Worker struct fuzz_srtp_func_ext { 106*90e502c7SAndroid Build Coastguard Worker fuzz_srtp_func srtp_func; 107*90e502c7SAndroid Build Coastguard Worker bool protect; 108*90e502c7SAndroid Build Coastguard Worker fuzz_srtp_get_length_func get_length; 109*90e502c7SAndroid Build Coastguard Worker }; 110*90e502c7SAndroid Build Coastguard Worker 111*90e502c7SAndroid Build Coastguard Worker const struct fuzz_srtp_func_ext srtp_funcs[] = { 112*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_protect, true, fuzz_srtp_get_protect_length }, 113*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_unprotect, false, NULL }, 114*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_protect_rtcp, true, fuzz_srtp_get_protect_rtcp_length }, 115*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_unprotect_rtcp, false, NULL }, 116*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_protect_mki, true, fuzz_srtp_get_protect_mki_length }, 117*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_unprotect_mki, false, NULL }, 118*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_protect_rtcp_mki, true, fuzz_srtp_get_protect_rtcp_mki_length }, 119*90e502c7SAndroid Build Coastguard Worker { fuzz_srtp_unprotect_rtcp_mki, false, NULL } 120*90e502c7SAndroid Build Coastguard Worker }; 121*90e502c7SAndroid Build Coastguard Worker 122*90e502c7SAndroid Build Coastguard Worker struct fuzz_srtp_crypto_policy_func_ext { 123*90e502c7SAndroid Build Coastguard Worker fuzz_srtp_crypto_policy_func crypto_policy_func; 124*90e502c7SAndroid Build Coastguard Worker const char *name; 125*90e502c7SAndroid Build Coastguard Worker }; 126*90e502c7SAndroid Build Coastguard Worker 127*90e502c7SAndroid Build Coastguard Worker const struct fuzz_srtp_crypto_policy_func_ext fuzz_srtp_crypto_policies[] = { 128*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_rtp_default, "" }, 129*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_rtcp_default, "" }, 130*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32, 131*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32" }, 132*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_128_null_auth, 133*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_128_null_auth" }, 134*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32, 135*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32" }, 136*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80, 137*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80" }, 138*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_256_null_auth, 139*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_256_null_auth" }, 140*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_null_cipher_hmac_null, 141*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_null_cipher_hmac_null" }, 142*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_null_cipher_hmac_sha1_80, 143*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_null_cipher_hmac_sha1_80" }, 144*90e502c7SAndroid Build Coastguard Worker #ifdef OPENSSL 145*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32, 146*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32" }, 147*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80, 148*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80" }, 149*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_cm_192_null_auth, 150*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_cm_192_null_auth" }, 151*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_gcm_128_16_auth, 152*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_gcm_128_16_auth" }, 153*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_gcm_128_8_auth, 154*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_gcm_128_8_auth" }, 155*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_gcm_128_8_only_auth, 156*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_gcm_128_8_only_auth" }, 157*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_gcm_256_16_auth, 158*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_gcm_256_16_auth" }, 159*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_gcm_256_8_auth, 160*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_gcm_256_8_auth" }, 161*90e502c7SAndroid Build Coastguard Worker { srtp_crypto_policy_set_aes_gcm_256_8_only_auth, 162*90e502c7SAndroid Build Coastguard Worker "srtp_crypto_policy_set_aes_gcm_256_8_only_auth" }, 163*90e502c7SAndroid Build Coastguard Worker #endif 164*90e502c7SAndroid Build Coastguard Worker }; 165*90e502c7SAndroid Build Coastguard Worker 166*90e502c7SAndroid Build Coastguard Worker struct fuzz_srtp_ssrc_type_ext { 167*90e502c7SAndroid Build Coastguard Worker srtp_ssrc_type_t srtp_ssrc_type; 168*90e502c7SAndroid Build Coastguard Worker const char *name; 169*90e502c7SAndroid Build Coastguard Worker }; 170*90e502c7SAndroid Build Coastguard Worker 171*90e502c7SAndroid Build Coastguard Worker const struct fuzz_srtp_ssrc_type_ext fuzz_ssrc_type_map[] = { 172*90e502c7SAndroid Build Coastguard Worker { ssrc_undefined, "ssrc_undefined" }, 173*90e502c7SAndroid Build Coastguard Worker { ssrc_specific, "ssrc_specific" }, 174*90e502c7SAndroid Build Coastguard Worker { ssrc_any_inbound, "ssrc_any_inbound" }, 175*90e502c7SAndroid Build Coastguard Worker { ssrc_any_outbound, "ssrc_any_outbound" }, 176*90e502c7SAndroid Build Coastguard Worker }; 177