tls_client.cpp - mozsearch

Enable keyboard shortcuts

/*

* (C) 2015,2016 Jack Lloyd

* Botan is released under the Simplified BSD License (see license.txt)

*/

#include "fuzzers.h"

#include <botan/tls_client.h>

class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager

   public:

      std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }

      std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }

      Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override

         return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899");

};

class Fuzzer_TLS_Policy : public Botan::TLS::Policy

   public:

      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version,

                                             bool have_srp) const

         std::vector<uint16_t> ciphersuites;

         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites())

            if(suite.valid() == false)

               continue;

            // Are we doing SRP?

            if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA)

               continue;

            if(!version.supports_aead_modes())

               // Are we doing AEAD in a non-AEAD version?

               if(suite.mac_algo() == "AEAD")

                  continue;

               // Older (v1.0/v1.1) versions also do not support any hash but SHA-1

               if(suite.mac_algo() != "SHA-1")

                  continue;

            ciphersuites.push_back(suite.ciphersuite_code());

         return ciphersuites;

};

class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks

   public:

       void tls_emit_data(const uint8_t[], size_t) override

         // discard

      void tls_record_received(uint64_t, const uint8_t[], size_t) override

         // ignore peer data

      void tls_alert(Botan::TLS::Alert) override

         // ignore alert

      bool tls_session_established(const Botan::TLS::Session&) override

         return true; // cache it

      void tls_verify_cert_chain(

         const std::vector<Botan::X509_Certificate>& cert_chain,

         const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,

         const std::vector<Botan::Certificate_Store*>& trusted_roots,

         Botan::Usage_Type usage,

         const std::string& hostname,

         const Botan::TLS::Policy& policy) override

try

            // try to validate to exercise those code paths

            Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses,

                                                         trusted_roots, usage, hostname, policy);

         catch(...)

            // ignore validation result

};

void fuzz(const uint8_t in[], size_t len)

   if(len == 0)

      return;

   Botan::TLS::Session_Manager_Noop session_manager;

   Fuzzer_TLS_Policy policy;

   Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;

   Botan::TLS::Server_Information info("server.name", 443);

   Fuzzer_TLS_Client_Callbacks callbacks;

   Fuzzer_TLS_Client_Creds creds;

   Botan::TLS::Client client(callbacks,

                             session_manager,

                             creds,

                             policy,

                             fuzzer_rng(),

                             info,

                             client_offer);

try

      client.received_data(in, len);

   catch(std::exception& e)