/* * (C) 2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include "fuzzers.h" #include #include const char* fixed_rsa_key = "-----BEGIN PRIVATE KEY-----\n" "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCe6qqpMQVJ7zCJ\n" "oSnpxia0yO6M7Ie3FGqPcd0DzueC+kWPvuHQ+PpP5vfO6qqRaDVII37PFX5NUZQm\n" "GK/rAm7spjIHTCMgqSZ8pN13LU8m1gDwIdu9al16LXN9zZjB67uLlFn2trtLi234\n" "i0cnyeF8IC0cz7tgCOzMSVEBcqJjkdgGrZ3WUgOXecVm2lXVrYlEiaSxFp4VOE9k\n" "RFeVrELCjmNtc4hRd1yJsF+vObCtvyqGYQE1Qcb0MVSQDBHMkiUVmO6zuW7td5ef\n" "O/1OyntQJGyVa+SnWbkSLCybta2J7MreHENrF5GA0K1KL140SNRHeWifRMuNQua7\n" "qmKXMBTFAgMBAAECggEAIk3fxyQI0zvpy1vZ01ft1QqmzA7nAPNMSWi33/GS8iga\n" "SfxXfKeySPs/tQ/dAARxs//NiOBH4mLgyxR7LQzaawU5OXALCSraXv+ruuUx990s\n" "WKnGaG4EfbJAAwEVn47Gbkv425P4fEc91vAhzQn8PbIoatbAyOtESpjs/pYDTeC/\n" "mnJId8gqO90cqyRECEMjk9sQ8iEjWPlik4ayGlUVbeeMu6/pJ9F8IZEgkLZiNDAB\n" "4anmOFaT7EmqUjI4IlcaqfbbXyDXlvWUYukidEss+CNvPuqbQHBDnpFVvBxdDR2N\n" "Uj2D5Xd5blcIe2/+1IVRnznjoQ5zvutzb7ThBmMehQKBgQDOITKG0ht2kXLxjVoR\n" "r/pVpx+f3hs3H7wE0+vrLHoQgkVjpMWXQ47YuZTT9rCOOYNI2cMoH2D27t1j78/B\n" "9kGYABUVpvQQ+6amqJDI1eYI6e68TPueEDjeALfSCdmPNiI3lZZrCIK9XLpkoy8K\n" "tGYBRRJ+JJxjj1zPXj9SGshPgwKBgQDFXUtoxY3mCStH3+0b1qxGG9r1L5goHEmd\n" "Am8WBYDheNpL0VqPNzouhuM/ZWMGyyAs/py6aLATe+qhR1uX5vn7LVZwjCSONZ4j\n" "7ieEEUh1BHetPI1oI5PxgokRYfVuckotqVseanI/536Er3Yf2FXNQ1/ceVp9WykX\n" "3mYTKMhQFwKBgQDKakcXpZNaZ5IcKdZcsBZ/rdGcR5sqEnursf9lvRNQytwg8Vkn\n" "JSxNHlBLpV/TCh8lltHRwJ6TXhUBYij+KzhWbx5FWOErHDOWTMmArqtp7W6GcoJT\n" "wVJWjxXzp8CApYQMWVSQXpckJL7UvHohZO0WKiHyxTjde5aD++TqV2qEyQKBgBbD\n" "jvoTpy08K4DLxCZs2Uvw1I1pIuylbpwsdrGciuP2s38BM6fHH+/T4Qwj3osfDKQD\n" "7gHWJ1Dn/wUBHQBlRLoC3bB3iZPZfVb5lhc2gxv0GvWhQVIcoGi/vJ2DpfJKPmIL\n" "4ZWdg3X5dm9JaZ98rVDSj5D3ckd5J0E4hp95GbmbAoGBAJJHM4O9lx60tIjw9Sf/\n" "QmKWyUk0NLnt8DcgRMW7fVxtzPNDy9DBKGIkDdWZ2s+ForICA3C9WSxBC1EOEHGG\n" "xkg2xKt66CeutGroP6M191mHQrRClt1VbEYzQFX21BCk5kig9i/BURyoTHtFiV+t\n" "kbf4VLg8Vk9u/R3RU1HsYWhe\n" "-----END PRIVATE KEY-----\n"; const char* fixed_rsa_cert = "-----BEGIN CERTIFICATE-----\n" "MIIDUDCCAjgCCQD7pIb1ZsoafjANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJW\n" "VDEQMA4GA1UECAwHVmVybW9udDEWMBQGA1UEBwwNVGhlIEludGVybmV0czEUMBIG\n" "A1UECgwLTWFuZ29zIFIgVXMxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTAe\n" "Fw0xNjAxMDYxNzQ3MjNaFw0yNjAxMDMxNzQ3MjNaMGoxCzAJBgNVBAYTAlZUMRAw\n" "DgYDVQQIDAdWZXJtb250MRYwFAYDVQQHDA1UaGUgSW50ZXJuZXRzMRQwEgYDVQQK\n" "DAtNYW5nb3MgUiBVczEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMIIBIjAN\n" "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuqqqTEFSe8wiaEp6cYmtMjujOyH\n" "txRqj3HdA87ngvpFj77h0Pj6T+b3zuqqkWg1SCN+zxV+TVGUJhiv6wJu7KYyB0wj\n" "IKkmfKTddy1PJtYA8CHbvWpdei1zfc2Yweu7i5RZ9ra7S4tt+ItHJ8nhfCAtHM+7\n" "YAjszElRAXKiY5HYBq2d1lIDl3nFZtpV1a2JRImksRaeFThPZERXlaxCwo5jbXOI\n" "UXdcibBfrzmwrb8qhmEBNUHG9DFUkAwRzJIlFZjus7lu7XeXnzv9Tsp7UCRslWvk\n" "p1m5Eiwsm7WtiezK3hxDaxeRgNCtSi9eNEjUR3lon0TLjULmu6pilzAUxQIDAQAB\n" "MA0GCSqGSIb3DQEBCwUAA4IBAQA1eZGc/4V7z/E/6eG0hVkzoAZeuTcSP7WqBSx+\n" "OP2yh0163UYjoa6nehmkKYQQ9PbYPZGzIcl+dBFyYzy6jcp0NdtzpWnTFrjl4rMq\n" "akcQ1D0LTYjJXVP9G/vF/SvatOFeVTnQmLlLt/a8ZtRUINqejeZZPzH8ifzFW6tu\n" "mlhTVIEKyPHpxClh5Y3ubw/mZYygekFTqMkTx3FwJxKU8J6rYGZxanWAODUIvCUo\n" "Fxer1qC5Love3uWl3vXPLEZWZdORnExSRByzz2immBP2vX4zYZoeZRhTQ9ae1TIV\n" "Dk02a/1AOJZdZReDbgXhlqaUx5pk/rzo4mDzvu5HSCeXmClz\n" "-----END CERTIFICATE-----\n"; class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager { public: Fuzzer_TLS_Server_Creds() { Botan::DataSource_Memory cert_in(fixed_rsa_cert); Botan::DataSource_Memory key_in(fixed_rsa_key); m_rsa_cert.reset(new Botan::X509_Certificate(cert_in)); //m_rsa_key.reset(Botan::PKCS8::load_key(key_in, fuzzer_rng()); } std::vector cert_chain( const std::vector& algos, const std::string& /*type*/, const std::string& /*hostname*/) override { std::vector v; for(auto algo : algos) { if(algo == "RSA") { v.push_back(*m_rsa_cert); break; } } return v; } Botan::Private_Key* private_key_for(const Botan::X509_Certificate& /*cert*/, const std::string& /*type*/, const std::string& /*context*/) override { return m_rsa_key.get(); } std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; } std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; } Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override { return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899"); } private: std::unique_ptr m_rsa_cert; std::unique_ptr m_rsa_key; }; class Fuzzer_TLS_Policy : public Botan::TLS::Policy { public: std::vector ciphersuite_list(Botan::TLS::Protocol_Version version, bool have_srp) const { std::vector ciphersuites; for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) { if(suite.valid() == false) continue; // Are we doing SRP? if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA) continue; if(!version.supports_aead_modes()) { // Are we doing AEAD in a non-AEAD version? if(suite.mac_algo() == "AEAD") continue; // Older (v1.0/v1.1) versions also do not support any hash but SHA-1 if(suite.mac_algo() != "SHA-1") continue; } ciphersuites.push_back(suite.ciphersuite_code()); } return ciphersuites; } }; class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks { public: void tls_emit_data(const uint8_t[], size_t) override { // discard } void tls_record_received(uint64_t, const uint8_t[], size_t) override { // ignore peer data } void tls_alert(Botan::TLS::Alert) override { // ignore alert } bool tls_session_established(const Botan::TLS::Session&) override { return true; // cache it } std::string tls_server_choose_app_protocol(const std::vector& client_protos) override { if(client_protos.size() > 1) return client_protos[0]; else return "fuzzy"; } void tls_verify_cert_chain( const std::vector& cert_chain, const std::vector>& ocsp_responses, const std::vector& trusted_roots, Botan::Usage_Type usage, const std::string& hostname, const Botan::TLS::Policy& policy) override { try { // try to validate to exercise those code paths Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy); } catch(...) { // ignore validation result } } }; void fuzz(const uint8_t in[], size_t len) { if(len <= 1) return; Botan::TLS::Session_Manager_Noop session_manager; Fuzzer_TLS_Policy policy; Botan::TLS::Server_Information info("server.name", 443); Fuzzer_TLS_Server_Creds creds; Fuzzer_TLS_Server_Callbacks callbacks; const bool is_datagram = in[0] & 1; Botan::TLS::Server server(callbacks, session_manager, creds, policy, fuzzer_rng(), is_datagram); try { server.received_data(in + 1, len - 1); } catch(std::exception& e) { } }