5607864191

Committed 18 Jul 2023 11:59AM UTC coverage: 91.706% (-0.03%) from 91.736%

Build # 5607864191

Build Type

push

github

Committed by

randombit

Commit Message

Merge GH #3622 Extend Credentials_Manager to support TLS 1.3 PSK

Run Details

78332 of 85416 relevant lines covered (91.71%)

12320969.22 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

51.02

/src/fuzzer/tls_client.cpp

/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "fuzzers.h"

#include <botan/hex.h>
#include <botan/tls_client.h>
#include <botan/tls_session_manager_noop.h>

class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager {
   public:
      std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }

      std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }

      Botan::secure_vector<uint8_t> session_ticket_key() override {
         return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");
      }

      Botan::secure_vector<uint8_t> dtls_cookie_secret() override {
         return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");
      }

      std::vector<Botan::TLS::ExternalPSK> find_preshared_keys(
         std::string_view host,
         Botan::TLS::Connection_Side whoami,
         const std::vector<std::string>& identities = {},
         const std::optional<std::string>& prf = std::nullopt) override {
         if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) {
            return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf);
         }

         std::vector<Botan::TLS::ExternalPSK> psks;
         psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"));
         return psks;
      }
};

class Fuzzer_TLS_Policy : public Botan::TLS::Policy {
   public:
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override {
         std::vector<uint16_t> ciphersuites;

         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {
            if(suite.valid() == false) {
               ciphersuites.push_back(suite.ciphersuite_code());
            }
         }

         return ciphersuites;
      }
};

class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks {
   public:
      void tls_emit_data(std::span<const uint8_t>) override {
         // discard
      }

      void tls_record_received(uint64_t, std::span<const uint8_t>) override {
         // ignore peer data
      }

      void tls_alert(Botan::TLS::Alert) override {
         // ignore alert
      }

      void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                                 const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
                                 const std::vector<Botan::Certificate_Store*>& trusted_roots,
                                 Botan::Usage_Type usage,
                                 std::string_view hostname,
                                 const Botan::TLS::Policy& policy) override {
         try {
            // try to validate to exercise those code paths
            Botan::TLS::Callbacks::tls_verify_cert_chain(
               cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
         } catch(...) {
            // ignore validation result
         }
      }
};

void fuzz(const uint8_t in[], size_t len) {
   if(len == 0) {
      return;
   }

   auto session_manager = std::make_shared<Botan::TLS::Session_Manager_Noop>();
   auto policy = std::make_shared<Fuzzer_TLS_Policy>();
   Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;
   Botan::TLS::Server_Information info("server.name", 443);
   auto callbacks = std::make_shared<Fuzzer_TLS_Client_Callbacks>();
   auto creds = std::make_shared<Fuzzer_TLS_Client_Creds>();

   Botan::TLS::Client client(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), info, client_offer);

   try {
      client.received_data(in, len);
   } catch(std::exception& e) {}
}

1	/*
2	* (C) 2015,2016 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "fuzzers.h"
8
9	#include <botan/hex.h>
10	#include <botan/tls_client.h>
11	#include <botan/tls_session_manager_noop.h>
12
13	class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager {	1,962✔
14	public:
15	std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }	×
16
17	std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }	×
18
19	Botan::secure_vector<uint8_t> session_ticket_key() override {	×
20	return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");	×
21	}
22
23	Botan::secure_vector<uint8_t> dtls_cookie_secret() override {	×
24	return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");	×
25	}
26
27	std::vector<Botan::TLS::ExternalPSK> find_preshared_keys(	×
28	std::string_view host,
29	Botan::TLS::Connection_Side whoami,
30	const std::vector<std::string>& identities = {},
31	const std::optional<std::string>& prf = std::nullopt) override {
32	if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) {	×
33	return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf);	×
34	}
35
36	std::vector<Botan::TLS::ExternalPSK> psks;	×
37	psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"));	×
38	return psks;	×
39	}	×
40	};
41
42	class Fuzzer_TLS_Policy : public Botan::TLS::Policy {	1,962✔
43	public:
44	std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override {	1,962✔
45	std::vector<uint16_t> ciphersuites;	1,962✔
46
47	for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {	186,390✔
48	if(suite.valid() == false) {	184,428✔
49	ciphersuites.push_back(suite.ciphersuite_code());	×
50	}
51	}
52
53	return ciphersuites;	1,962✔
54	}	×
55	};
56
57	class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks {	1,962✔
58	public:
59	void tls_emit_data(std::span<const uint8_t>) override {	3,918✔
60	// discard
61	}	3,918✔
62
63	void tls_record_received(uint64_t, std::span<const uint8_t>) override {	×
64	// ignore peer data
65	}	×
66
67	void tls_alert(Botan::TLS::Alert) override {	4✔
68	// ignore alert
69	}	4✔
70
71	void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,	×
72	const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
73	const std::vector<Botan::Certificate_Store*>& trusted_roots,
74	Botan::Usage_Type usage,
75	std::string_view hostname,
76	const Botan::TLS::Policy& policy) override {
77	try {	×
78	// try to validate to exercise those code paths
79	Botan::TLS::Callbacks::tls_verify_cert_chain(	×
80	cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
81	} catch(...) {	×
82	// ignore validation result
83	}	×
84	}	×
85	};
86
87	void fuzz(const uint8_t in[], size_t len) {	1,962✔
88	if(len == 0) {	1,962✔
89	return;	×
90	}
91
92	auto session_manager = std::make_shared<Botan::TLS::Session_Manager_Noop>();	1,962✔
93	auto policy = std::make_shared<Fuzzer_TLS_Policy>();	1,962✔
94	Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;	1,962✔
95	Botan::TLS::Server_Information info("server.name", 443);	1,962✔
96	auto callbacks = std::make_shared<Fuzzer_TLS_Client_Callbacks>();	1,962✔
97	auto creds = std::make_shared<Fuzzer_TLS_Client_Creds>();	1,962✔
98
99	Botan::TLS::Client client(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), info, client_offer);	13,734✔
100
101	try {	1,962✔
102	client.received_data(in, len);	1,962✔
103	} catch(std::exception& e) {}	1,956✔
104	}	9,810✔

randombit / botan / 5607864191

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous