aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2015-07-11 17:33:18 -0400
committerJack Lloyd <[email protected]>2015-07-11 17:33:18 -0400
commitd1b75ea89fa90ef9534a797c9bdb67d2f58a6d2b (patch)
tree98b156a3cdac7cd3260acbc6807d0aab7359f844
parente231e1f3700ead7a4ac9f4b5b90beb2dc6158a90 (diff)
Add an application to the command line providing a fuzzer entry point.
-rw-r--r--src/cmd/fuzzer.cpp122
1 files changed, 122 insertions, 0 deletions
diff --git a/src/cmd/fuzzer.cpp b/src/cmd/fuzzer.cpp
new file mode 100644
index 000000000..09c1fba42
--- /dev/null
+++ b/src/cmd/fuzzer.cpp
@@ -0,0 +1,122 @@
+/*
+* (C) 2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "apps.h"
+#include <botan/x509cert.h>
+#include <botan/x509_crl.h>
+#include <botan/pkcs8.h>
+#include <botan/tls_client.h>
+#include <botan/system_rng.h>
+#include <fstream>
+
+namespace {
+
+class Fuzzer_Creds : public Credentials_Manager
+ {
+ public:
+ void verify_certificate_chain(const std::string& type,
+ const std::string& purported_hostname,
+ const std::vector<X509_Certificate>& cert_chain) override
+ {
+ try
+ {
+ Credentials_Manager::verify_certificate_chain(type,
+ purported_hostname,
+ cert_chain);
+ }
+ catch(std::exception& e) {}
+ }
+
+ std::string psk_identity_hint(const std::string&, const std::string&) { return "psk_hint"; }
+ std::string psk_identity(const std::string&, const std::string&) { return "psk_id"; }
+ SymmetricKey psk(const std::string&, const std::string&, const std::string&)
+ {
+ return SymmetricKey("AABBCCDDEEFF00112233445566778899");
+ }
+ };
+
+int fuzzer(int argc, char* argv[])
+ {
+ if(argc != 3)
+ {
+ std::cout << "Usage: " << argv[0] << " [type] [input_file]\n";
+ std::cout << "Hook for fuzzers such as afl (produces no output)\n";
+ std::cout << "Types: cert crl privkey tls_client\n";
+ return 1;
+ }
+
+ const std::string type = argv[1];
+ const std::string input = argv[2];
+
+ auto& rng = system_rng();
+
+ if(type == "cert")
+ {
+ X509_Certificate cert(input);
+ }
+ else if(type == "crl")
+ {
+ X509_CRL crl(input);
+ }
+ else if(type == "privkey")
+ {
+ std::unique_ptr<Private_Key>(PKCS8::load_key(input, rng));
+ }
+ else if(type == "tls_client")
+ {
+ auto dev_null = [](const byte[], size_t) {};
+
+ auto ignore_alerts = [](TLS::Alert, const byte[], size_t) {};
+ auto ignore_hs = [](const TLS::Session&) { return true; };
+
+ TLS::Session_Manager_In_Memory session_manager(rng);
+ TLS::Policy policy;
+ TLS::Protocol_Version client_offer = TLS::Protocol_Version::TLS_V12;
+ TLS::Server_Information info("server.name", 443);
+ const std::vector<std::string> protocols_to_offer = { "fuzz/1.0", "http/1.1", "bunny/1.21.3" };
+ Fuzzer_Creds creds;
+
+ TLS::Client client(dev_null,
+ dev_null,
+ ignore_alerts,
+ ignore_hs,
+ session_manager,
+ creds,
+ policy,
+ rng,
+ info,
+ client_offer,
+ protocols_to_offer);
+
+ std::ifstream in(input.c_str());
+
+ std::vector<byte> buf(1024);
+
+ try
+ {
+ while(in.good())
+ {
+ in.read((char*)&buf[0], buf.size());
+ size_t got = in.gcount();
+ client.received_data(&buf[0], got);
+ }
+ }
+ catch(std::exception& e)
+ {
+ }
+ }
+ else
+ {
+ std::cout << "Unhandled type " << type << "\n";
+ return 1;
+ }
+
+ return 0;
+ }
+
+REGISTER_APP(fuzzer);
+
+}