12928057538

Committed 23 Jan 2025 11:18AM UTC coverage: 91.213% (+0.002%) from 91.211%

Build # 12928057538

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #4578 from randombit/jack/switch-tls-server-fuzzer-to-ecdsa

Switch the TLS server fuzzer to use an ECDSA key

Run Details

93549 of 102561 relevant lines covered (91.21%)

11479391.24 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

34.78

/src/fuzzer/tls_server.cpp

/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "fuzzers.h"

#include <botan/data_src.h>
#include <botan/hex.h>
#include <botan/pkcs8.h>
#include <botan/tls_server.h>
#include <botan/tls_session_manager_noop.h>

#include <memory>

namespace {

const char* const fixed_ecdsa_key =
   "-----BEGIN PRIVATE KEY-----"
   "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfUjnfxgvrIyrqa5N"
   "47X1W50cVStDPbASwRcY6zqehjyhRANCAAQTNF0poMBM4tuCY50NrDJU8za/SK45"
   "erOdFpGK7KRWtBE9zNj6J0f1UB+K8GdekFD2me+iL63v+uBqo/PHRPT9"
   "-----END PRIVATE KEY-----";

const char* const fixed_ecdsa_cert =
   "-----BEGIN CERTIFICATE-----"
   "MIIB3zCCAYWgAwIBAgIRAPFi6dun9OY7YLuZHqKzdEMwCgYIKoZIzj0EAwIwOTEa"
   "MBgGA1UEAwwRSXQncyBGdXp6aW5nIFRpbWUxCzAJBgNVBAYTAlZUMQ4wDAYDVQQK"
   "EwVCb3RhbjAeFw0yNTAxMjAxMzI0MjdaFw0zODAxMTgxMzI0MjdaMDkxGjAYBgNV"
   "BAMMEUl0J3MgRnV6emluZyBUaW1lMQswCQYDVQQGEwJWVDEOMAwGA1UEChMFQm90"
   "YW4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQTNF0poMBM4tuCY50NrDJU8za/"
   "SK45erOdFpGK7KRWtBE9zNj6J0f1UB+K8GdekFD2me+iL63v+uBqo/PHRPT9o24w"
   "bDAhBgNVHQ4EGgQYevp/SCkZVWPKNAUSez17HTOyneXEWwpEMBQGA1UdEQQNMAuC"
   "CWxvY2FsaG9zdDAMBgNVHRMBAf8EAjAAMCMGA1UdIwQcMBqAGHr6f0gpGVVjyjQF"
   "Ens9ex0zsp3lxFsKRDAKBggqhkjOPQQDAgNIADBFAiEApqVCYhySxK/8GLq8wlPh"
   "MeBg8CwKO83s1h/GYQZD4CUCID5Mzh5mwrkkAuSENjLXAD4dtiu91Zsoye5J0uuU"
   "60v7"
   "-----END CERTIFICATE-----";

class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager {
   public:
      Fuzzer_TLS_Server_Creds() {
         Botan::DataSource_Memory cert_in(fixed_ecdsa_cert);
         m_ecdsa_cert = std::make_unique<Botan::X509_Certificate>(cert_in);

         Botan::DataSource_Memory key_in(fixed_ecdsa_key);
         m_ecdsa_key.reset(Botan::PKCS8::load_key(key_in).release());
      }

      std::vector<Botan::X509_Certificate> cert_chain(
         const std::vector<std::string>& algos,
         const std::vector<Botan::AlgorithmIdentifier>& /*signature_schemes*/,
         const std::string& /*type*/,
         const std::string& /*hostname*/) override {
         std::vector<Botan::X509_Certificate> v;

         for(const auto& algo : algos) {
            if(algo == "ECDSA") {
               v.push_back(*m_ecdsa_cert);
               break;
            }
         }

         return v;
      }

      std::shared_ptr<Botan::Private_Key> private_key_for(const Botan::X509_Certificate& /*cert*/,
                                                          const std::string& type,
                                                          const std::string& /*context*/) override {
         if(type == "ECDSA") {
            return m_ecdsa_key;
         }
         return nullptr;
      }

      Botan::secure_vector<uint8_t> session_ticket_key() override {
         return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");
      }

      Botan::secure_vector<uint8_t> dtls_cookie_secret() override {
         return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");
      }

      std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }

      std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }

      std::vector<Botan::TLS::ExternalPSK> find_preshared_keys(
         std::string_view host,
         Botan::TLS::Connection_Side whoami,
         const std::vector<std::string>& identities = {},
         const std::optional<std::string>& prf = std::nullopt) override {
         if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) {
            return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf);
         }

         std::vector<Botan::TLS::ExternalPSK> psks;
         psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"));
         return psks;
      }

   private:
      std::unique_ptr<Botan::X509_Certificate> m_ecdsa_cert;
      std::shared_ptr<Botan::Private_Key> m_ecdsa_key;
};

class Fuzzer_TLS_Policy : public Botan::TLS::Policy {
   public:
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override {
         std::vector<uint16_t> ciphersuites;

         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {
            if(suite.valid()) {
               ciphersuites.push_back(suite.ciphersuite_code());
            }
         }

         return ciphersuites;
      }
};

class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks {
   public:
      void tls_emit_data(std::span<const uint8_t>) override {
         // discard
      }

      void tls_record_received(uint64_t, std::span<const uint8_t>) override {
         // ignore peer data
      }

      void tls_alert(Botan::TLS::Alert) override {
         // ignore alert
      }

      std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) override {
         if(client_protos.size() > 1) {
            return client_protos[0];
         } else {
            return "fuzzy";
         }
      }

      void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                                 const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
                                 const std::vector<Botan::Certificate_Store*>& trusted_roots,
                                 Botan::Usage_Type usage,
                                 std::string_view hostname,
                                 const Botan::TLS::Policy& policy) override {
         try {
            // try to validate to exercise those code paths
            Botan::TLS::Callbacks::tls_verify_cert_chain(
               cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
         } catch(...) {
            // ignore validation result
         }
      }
};

}  // namespace

void fuzz(std::span<const uint8_t> in) {
   if(in.size() <= 1) {
      return;
   }

   auto session_manager = std::make_shared<Botan::TLS::Session_Manager_Noop>();
   auto policy = std::make_shared<Fuzzer_TLS_Policy>();
   Botan::TLS::Server_Information info("server.name", 443);
   auto creds = std::make_shared<Fuzzer_TLS_Server_Creds>();
   auto callbacks = std::make_shared<Fuzzer_TLS_Server_Callbacks>();

   const bool is_datagram = in[0] & 1;

   Botan::TLS::Server server(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), is_datagram);

   try {
      server.received_data(in.subspan(1, in.size() - 1));
   } catch(std::exception& e) {}
}

1	/*
2	* (C) 2015,2016 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "fuzzers.h"
8
9	#include <botan/data_src.h>
10	#include <botan/hex.h>
11	#include <botan/pkcs8.h>
12	#include <botan/tls_server.h>
13	#include <botan/tls_session_manager_noop.h>
14
15	#include <memory>
16
17	namespace {
18
19	const char* const fixed_ecdsa_key =
20	"-----BEGIN PRIVATE KEY-----"
21	"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfUjnfxgvrIyrqa5N"
22	"47X1W50cVStDPbASwRcY6zqehjyhRANCAAQTNF0poMBM4tuCY50NrDJU8za/SK45"
23	"erOdFpGK7KRWtBE9zNj6J0f1UB+K8GdekFD2me+iL63v+uBqo/PHRPT9"
24	"-----END PRIVATE KEY-----";
25
26	const char* const fixed_ecdsa_cert =
27	"-----BEGIN CERTIFICATE-----"
28	"MIIB3zCCAYWgAwIBAgIRAPFi6dun9OY7YLuZHqKzdEMwCgYIKoZIzj0EAwIwOTEa"
29	"MBgGA1UEAwwRSXQncyBGdXp6aW5nIFRpbWUxCzAJBgNVBAYTAlZUMQ4wDAYDVQQK"
30	"EwVCb3RhbjAeFw0yNTAxMjAxMzI0MjdaFw0zODAxMTgxMzI0MjdaMDkxGjAYBgNV"
31	"BAMMEUl0J3MgRnV6emluZyBUaW1lMQswCQYDVQQGEwJWVDEOMAwGA1UEChMFQm90"
32	"YW4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQTNF0poMBM4tuCY50NrDJU8za/"
33	"SK45erOdFpGK7KRWtBE9zNj6J0f1UB+K8GdekFD2me+iL63v+uBqo/PHRPT9o24w"
34	"bDAhBgNVHQ4EGgQYevp/SCkZVWPKNAUSez17HTOyneXEWwpEMBQGA1UdEQQNMAuC"
35	"CWxvY2FsaG9zdDAMBgNVHRMBAf8EAjAAMCMGA1UdIwQcMBqAGHr6f0gpGVVjyjQF"
36	"Ens9ex0zsp3lxFsKRDAKBggqhkjOPQQDAgNIADBFAiEApqVCYhySxK/8GLq8wlPh"
37	"MeBg8CwKO83s1h/GYQZD4CUCID5Mzh5mwrkkAuSENjLXAD4dtiu91Zsoye5J0uuU"
38	"60v7"
39	"-----END CERTIFICATE-----";
40
41	class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager {
42	public:
43	Fuzzer_TLS_Server_Creds() {	1,128✔
44	Botan::DataSource_Memory cert_in(fixed_ecdsa_cert);	1,128✔
45	m_ecdsa_cert = std::make_unique<Botan::X509_Certificate>(cert_in);	1,128✔
46
47	Botan::DataSource_Memory key_in(fixed_ecdsa_key);	1,128✔
48	m_ecdsa_key.reset(Botan::PKCS8::load_key(key_in).release());	2,256✔
49	}	2,256✔
50
51	std::vector<Botan::X509_Certificate> cert_chain(	×
52	const std::vector<std::string>& algos,
53	const std::vector<Botan::AlgorithmIdentifier>& /signature_schemes/,
54	const std::string& /type/,
55	const std::string& /hostname/) override {
56	std::vector<Botan::X509_Certificate> v;	×
57
58	for(const auto& algo : algos) {	×
59	if(algo == "ECDSA") {	×
60	v.push_back(*m_ecdsa_cert);	×
61	break;
62	}
63	}
64
65	return v;	×
66	}	×
67
68	std::shared_ptr<Botan::Private_Key> private_key_for(const Botan::X509_Certificate& /cert/,	×
69	const std::string& type,
70	const std::string& /context/) override {
71	if(type == "ECDSA") {	×
72	return m_ecdsa_key;	×
73	}
74	return nullptr;	×
75	}
76
77	Botan::secure_vector<uint8_t> session_ticket_key() override {	×
78	return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");	×
79	}
80
81	Botan::secure_vector<uint8_t> dtls_cookie_secret() override {	×
82	return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");	×
83	}
84
85	std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }	×
86
87	std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }	×
88
89	std::vector<Botan::TLS::ExternalPSK> find_preshared_keys(	×
90	std::string_view host,
91	Botan::TLS::Connection_Side whoami,
92	const std::vector<std::string>& identities = {},
93	const std::optional<std::string>& prf = std::nullopt) override {
94	if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) {	×
95	return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf);	×
96	}
97
98	std::vector<Botan::TLS::ExternalPSK> psks;	×
99	psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"));	×
100	return psks;	×
101	}	×
102
103	private:
104	std::unique_ptr<Botan::X509_Certificate> m_ecdsa_cert;
105	std::shared_ptr<Botan::Private_Key> m_ecdsa_key;
106	};
107
108	class Fuzzer_TLS_Policy : public Botan::TLS::Policy {	2,256✔
109	public:
110	std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override {	×
111	std::vector<uint16_t> ciphersuites;	×
112
113	for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {	×
114	if(suite.valid()) {	×
115	ciphersuites.push_back(suite.ciphersuite_code());	×
116	}
117	}
118
119	return ciphersuites;	×
120	}	×
121	};
122
123	class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks {	2,256✔
124	public:
125	void tls_emit_data(std::span<const uint8_t>) override {	1,105✔
126	// discard
127	}	1,105✔
128
129	void tls_record_received(uint64_t, std::span<const uint8_t>) override {	×
130	// ignore peer data
131	}	×
132
133	void tls_alert(Botan::TLS::Alert) override {	×
134	// ignore alert
135	}	×
136
137	std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) override {	×
138	if(client_protos.size() > 1) {	×
139	return client_protos[0];	×
140	} else {
141	return "fuzzy";	×
142	}
143	}
144
145	void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,	×
146	const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
147	const std::vector<Botan::Certificate_Store*>& trusted_roots,
148	Botan::Usage_Type usage,
149	std::string_view hostname,
150	const Botan::TLS::Policy& policy) override {
151	try {	×
152	// try to validate to exercise those code paths
153	Botan::TLS::Callbacks::tls_verify_cert_chain(	×
154	cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
155	} catch(...) {	×
156	// ignore validation result
157	}	×
158	}	×
159	};
160
161	} // namespace
162
163	void fuzz(std::span<const uint8_t> in) {	1,131✔
164	if(in.size() <= 1) {	1,131✔
165	return;	3✔
166	}
167
168	auto session_manager = std::make_shared<Botan::TLS::Session_Manager_Noop>();	1,128✔
169	auto policy = std::make_shared<Fuzzer_TLS_Policy>();	1,128✔
170	Botan::TLS::Server_Information info("server.name", 443);	1,128✔
171	auto creds = std::make_shared<Fuzzer_TLS_Server_Creds>();	1,128✔
172	auto callbacks = std::make_shared<Fuzzer_TLS_Server_Callbacks>();	1,128✔
173
174	const bool is_datagram = in[0] & 1;	1,128✔
175
176	Botan::TLS::Server server(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), is_datagram);	6,768✔
177
178	try {	1,128✔
179	server.received_data(in.subspan(1, in.size() - 1));	1,128✔
180	} catch(std::exception& e) {}	1,105✔
181	}	6,768✔

randombit / botan / 12928057538

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous