xref: /aosp_15_r20/external/mbedtls/programs/fuzz/fuzz_server.c (revision 62c56f9862f102b96d72393aff6076c951fb8148) 
1 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
2 
3 #include "mbedtls/ssl.h"
4 #include "mbedtls/entropy.h"
5 #include "mbedtls/ctr_drbg.h"
6 #include "mbedtls/ssl_ticket.h"
7 #include "test/certs.h"
8 #include "common.h"
9 #include <string.h>
10 #include <stdlib.h>
11 #include <stdint.h>
12 
13 
14 #if defined(MBEDTLS_SSL_SRV_C) && \
15     defined(MBEDTLS_ENTROPY_C) && \
16     defined(MBEDTLS_CTR_DRBG_C)
17 const char *pers = "fuzz_server";
18 static int initialized = 0;
19 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
20 static mbedtls_x509_crt srvcert;
21 static mbedtls_pk_context pkey;
22 #endif
23 const char *alpn_list[3];
24 
25 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
26 const unsigned char psk[] = {
27     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
28     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
29 };
30 const char psk_id[] = "Client_identity";
31 #endif
32 #endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
33 
34 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)35 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
36 {
37 #if defined(MBEDTLS_SSL_SRV_C) && \
38     defined(MBEDTLS_ENTROPY_C) && \
39     defined(MBEDTLS_CTR_DRBG_C)
40     int ret;
41     size_t len;
42     mbedtls_ssl_context ssl;
43     mbedtls_ssl_config conf;
44     mbedtls_ctr_drbg_context ctr_drbg;
45     mbedtls_entropy_context entropy;
46 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
47     mbedtls_ssl_ticket_context ticket_ctx;
48 #endif
49     unsigned char buf[4096];
50     fuzzBufferOffset_t biomemfuzz;
51     uint8_t options;
52 
53     //we take 1 byte as options input
54     if (Size < 1) {
55         return 0;
56     }
57     options = Data[Size - 1];
58 
59     mbedtls_ctr_drbg_init(&ctr_drbg);
60     mbedtls_entropy_init(&entropy);
61 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
62     mbedtls_x509_crt_init(&srvcert);
63     mbedtls_pk_init(&pkey);
64 #endif
65     mbedtls_ssl_init(&ssl);
66     mbedtls_ssl_config_init(&conf);
67 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
68     mbedtls_ssl_ticket_init(&ticket_ctx);
69 #endif
70 #if defined(MBEDTLS_USE_PSA_CRYPTO)
71     psa_status_t status = psa_crypto_init();
72     if (status != PSA_SUCCESS) {
73         goto exit;
74     }
75 #endif /* MBEDTLS_USE_PSA_CRYPTO */
76 
77     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
78                               (const unsigned char *) pers, strlen(pers)) != 0) {
79         return 1;
80     }
81 
82     if (initialized == 0) {
83 
84 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
85         if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
86                                    mbedtls_test_srv_crt_len) != 0) {
87             return 1;
88         }
89         if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
90                                    mbedtls_test_cas_pem_len) != 0) {
91             return 1;
92         }
93         if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
94                                  mbedtls_test_srv_key_len, NULL, 0,
95                                  dummy_random, &ctr_drbg) != 0) {
96             return 1;
97         }
98 #endif
99 
100         alpn_list[0] = "HTTP";
101         alpn_list[1] = "fuzzalpn";
102         alpn_list[2] = NULL;
103 
104         dummy_init();
105 
106         initialized = 1;
107     }
108 
109     if (mbedtls_ssl_config_defaults(&conf,
110                                     MBEDTLS_SSL_IS_SERVER,
111                                     MBEDTLS_SSL_TRANSPORT_STREAM,
112                                     MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
113         goto exit;
114     }
115 
116     srand(1);
117     mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
118 
119 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
120     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
121     if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
122         goto exit;
123     }
124 #endif
125 
126     mbedtls_ssl_conf_cert_req_ca_list(&conf,
127                                       (options &
128                                        0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
129 #if defined(MBEDTLS_SSL_ALPN)
130     if (options & 0x2) {
131         mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
132     }
133 #endif
134 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
135     if (options & 0x4) {
136         if (mbedtls_ssl_ticket_setup(&ticket_ctx,
137                                      dummy_random, &ctr_drbg,
138                                      MBEDTLS_CIPHER_AES_256_GCM,
139                                      86400) != 0) {
140             goto exit;
141         }
142 
143         mbedtls_ssl_conf_session_tickets_cb(&conf,
144                                             mbedtls_ssl_ticket_write,
145                                             mbedtls_ssl_ticket_parse,
146                                             &ticket_ctx);
147     }
148 #endif
149 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
150     mbedtls_ssl_conf_extended_master_secret(&conf,
151                                             (options &
152                                              0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
153 #endif
154 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
155     mbedtls_ssl_conf_encrypt_then_mac(&conf,
156                                       (options &
157                                        0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
158 #endif
159 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
160     if (options & 0x40) {
161         mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
162                              (const unsigned char *) psk_id, sizeof(psk_id) - 1);
163     }
164 #endif
165 #if defined(MBEDTLS_SSL_RENEGOTIATION)
166     mbedtls_ssl_conf_renegotiation(&conf,
167                                    (options &
168                                     0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
169 #endif
170 
171     if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
172         goto exit;
173     }
174 
175     biomemfuzz.Data = Data;
176     biomemfuzz.Size = Size-1;
177     biomemfuzz.Offset = 0;
178     mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
179 
180     mbedtls_ssl_session_reset(&ssl);
181     ret = mbedtls_ssl_handshake(&ssl);
182     if (ret == 0) {
183         //keep reading data from server until the end
184         do {
185             len = sizeof(buf) - 1;
186             ret = mbedtls_ssl_read(&ssl, buf, len);
187 
188             if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
189                 continue;
190             } else if (ret <= 0) {
191                 //EOF or error
192                 break;
193             }
194         } while (1);
195     }
196 
197 exit:
198 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
199     mbedtls_ssl_ticket_free(&ticket_ctx);
200 #endif
201     mbedtls_entropy_free(&entropy);
202     mbedtls_ctr_drbg_free(&ctr_drbg);
203     mbedtls_ssl_config_free(&conf);
204 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
205     mbedtls_x509_crt_free(&srvcert);
206     mbedtls_pk_free(&pkey);
207 #endif
208     mbedtls_ssl_free(&ssl);
209 #if defined(MBEDTLS_USE_PSA_CRYPTO)
210     mbedtls_psa_crypto_free();
211 #endif
212 #else
213     (void) Data;
214     (void) Size;
215 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
216 
217     return 0;
218 }
219