diff options
author | Jack Lloyd <[email protected]> | 2015-07-11 17:33:18 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-07-11 17:33:18 -0400 |
commit | d1b75ea89fa90ef9534a797c9bdb67d2f58a6d2b (patch) | |
tree | 98b156a3cdac7cd3260acbc6807d0aab7359f844 | |
parent | e231e1f3700ead7a4ac9f4b5b90beb2dc6158a90 (diff) |
Add an application to the command line providing a fuzzer entry point.
-rw-r--r-- | src/cmd/fuzzer.cpp | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/src/cmd/fuzzer.cpp b/src/cmd/fuzzer.cpp new file mode 100644 index 000000000..09c1fba42 --- /dev/null +++ b/src/cmd/fuzzer.cpp @@ -0,0 +1,122 @@ +/* +* (C) 2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "apps.h" +#include <botan/x509cert.h> +#include <botan/x509_crl.h> +#include <botan/pkcs8.h> +#include <botan/tls_client.h> +#include <botan/system_rng.h> +#include <fstream> + +namespace { + +class Fuzzer_Creds : public Credentials_Manager + { + public: + void verify_certificate_chain(const std::string& type, + const std::string& purported_hostname, + const std::vector<X509_Certificate>& cert_chain) override + { + try + { + Credentials_Manager::verify_certificate_chain(type, + purported_hostname, + cert_chain); + } + catch(std::exception& e) {} + } + + std::string psk_identity_hint(const std::string&, const std::string&) { return "psk_hint"; } + std::string psk_identity(const std::string&, const std::string&) { return "psk_id"; } + SymmetricKey psk(const std::string&, const std::string&, const std::string&) + { + return SymmetricKey("AABBCCDDEEFF00112233445566778899"); + } + }; + +int fuzzer(int argc, char* argv[]) + { + if(argc != 3) + { + std::cout << "Usage: " << argv[0] << " [type] [input_file]\n"; + std::cout << "Hook for fuzzers such as afl (produces no output)\n"; + std::cout << "Types: cert crl privkey tls_client\n"; + return 1; + } + + const std::string type = argv[1]; + const std::string input = argv[2]; + + auto& rng = system_rng(); + + if(type == "cert") + { + X509_Certificate cert(input); + } + else if(type == "crl") + { + X509_CRL crl(input); + } + else if(type == "privkey") + { + std::unique_ptr<Private_Key>(PKCS8::load_key(input, rng)); + } + else if(type == "tls_client") + { + auto dev_null = [](const byte[], size_t) {}; + + auto ignore_alerts = [](TLS::Alert, const byte[], size_t) {}; + auto ignore_hs = [](const TLS::Session&) { return true; }; + + TLS::Session_Manager_In_Memory session_manager(rng); + TLS::Policy policy; + TLS::Protocol_Version client_offer = TLS::Protocol_Version::TLS_V12; + TLS::Server_Information info("server.name", 443); + const std::vector<std::string> protocols_to_offer = { "fuzz/1.0", "http/1.1", "bunny/1.21.3" }; + Fuzzer_Creds creds; + + TLS::Client client(dev_null, + dev_null, + ignore_alerts, + ignore_hs, + session_manager, + creds, + policy, + rng, + info, + client_offer, + protocols_to_offer); + + std::ifstream in(input.c_str()); + + std::vector<byte> buf(1024); + + try + { + while(in.good()) + { + in.read((char*)&buf[0], buf.size()); + size_t got = in.gcount(); + client.received_data(&buf[0], got); + } + } + catch(std::exception& e) + { + } + } + else + { + std::cout << "Unhandled type " << type << "\n"; + return 1; + } + + return 0; + } + +REGISTER_APP(fuzzer); + +} |