fuzz/*: add fuzz testing for host mode

use libfuzz for host mode Signed-off-by: Pengyu Chen <[email protected]>
inclavare-containers · Jul 27, 2023 · de9a3d9 · de9a3d9
1 parent 5aec28f
commit de9a3d9
Show file tree

Hide file tree

Showing 9 changed files with 485 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -101,6 +101,7 @@ if(BUILD_SAMPLES)
     message(STATUS "Build Samples: on")
     add_subdirectory(samples)
 endif()
+add_subdirectory(fuzz)
 
 # Uninstall target
 if(NOT TARGET uninstall)

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -0,0 +1,3 @@
+add_subdirectory(tls_init)
+add_subdirectory(tls_negotiate)
+add_subdirectory(tls_server)
diff --git a/fuzz/README.md b/fuzz/README.md
@@ -0,0 +1,8 @@
+## build
+just use cmake to build in the host mode, and you would see fuzz in `/usr/share/rats-tls/fuzz` 
+
++ tls_init
+to fuzz `rats_tls_init()`, we use random input `* data` to fill the `conf`, and set value to part of the `conf` in order to run `rats_tls_init()` more frequently
+
++ tls_negotiate
+to fuzz this, we create `tls_server` folder first, then use `tls_negotiate` to connect to server and fuzz the `rats_tls_negotiate()` API
diff --git a/fuzz/tls_init/CMakeLists.txt b/fuzz/tls_init/CMakeLists.txt
@@ -0,0 +1,74 @@
+project(fuzz_init CXX)
+
+if(NOT SGX)
+    #set(CMAKE_C_FLAGS "-fPIE ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
+    set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
+    set(CMAKE_CXX_FLAGS "-g -fsanitize=address,fuzzer  ${CMAKE_CXX_FLAGS}")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}")
+endif()
+
+if(SGX)
+    list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+    include(CustomInstallDirs)
+    include(FindRatsTls)
+    if(NOT RATS_TLS_FOUND)
+        message(FATAL_ERROR "Failed to find rats_tls!")
+    endif()
+
+    include(FindSGX)
+    if(NOT SGX_FOUND)
+        message(FATAL_ERROR "Failed to find sgx!")
+    endif()
+
+    include(CompilerOptions)
+    include(SGXCommon)
+
+    set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave
+                             ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+			     )
+    set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+                     )
+    list(APPEND LIBRARY_DIRS ${CMAKE_BINARY_DIR}/src/sgx/untrust
+                             ${CMAKE_BINARY_DIR}/samples/sgx-stub-enclave
+                             )
+    set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave
+                         ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                         )
+    set(DEPEND_UNTRUSTED_LIBS ${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a)
+
+else()
+    set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+                     ${RATS_TLS_INSTALL_INCLUDE_PATH}
+                     ${RATS_TLS_INSTALL_INCLUDE_PATH}/edl
+                     )
+    set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+endif()
+
+include_directories(${INCLUDE_DIRS})
+link_directories(${LIBRARY_DIRS})
+
+# Set source file
+set(SOURCES fuzz_init.cc)
+
+# Generate bin file
+if(SGX)
+    set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave/sgx_stub.edl)
+    add_untrusted_executable(${PROJECT_NAME}
+                             SRCS ${SOURCES}
+                             UNTRUSTED_LIBS ${DEPEND_UNTRUSTED_LIBS}
+                             EDL ${EDLS}
+                             EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS}
+                             )
+    add_dependencies(${PROJECT_NAME} sgx_stub_enclave-sign)
+else()
+    add_executable(${PROJECT_NAME} ${SOURCES})
+    target_link_libraries(${PROJECT_NAME} rats_tls)
+endif()
+
+install(TARGETS ${PROJECT_NAME}
+	DESTINATION /usr/share/rats-tls/fuzz)
diff --git a/fuzz/tls_init/fuzz_init.cc b/fuzz/tls_init/fuzz_init.cc
@@ -0,0 +1,56 @@
+/* Copyright (c) 2021 Intel Corporation
+ * Copyright (c) 2020-2021 Alibaba Cloud
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+extern "C"{
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include "rats-tls/api.h"
+#include "rats-tls/log.h"
+#include "rats-tls/claim.h"
+#include "internal/core.h"
+
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data,size_t size){
+    rats_tls_conf_t conf;
+    if(size < sizeof(rats_tls_conf_t) + 10 * sizeof(claim_t)){
+        return 0;
+    }
+    memcpy(&conf, data, sizeof(conf));
+    conf.log_level  = RATS_TLS_LOG_LEVEL_DEFAULT;
+    conf.api_version = 0;
+
+    /*fuzz log level*/
+    /*fuzz round could not be too huge, that leads to unexpected log_level*/
+    strcpy(conf.attester_type, "nullattester");
+    strcpy(conf.verifier_type, "nullverifier");
+    strcpy(conf.tls_type, "nulltls");
+    strcpy(conf.crypto_type, "nullcrypto");
+
+    conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT;
+    conf.flags = RATS_TLS_CONF_FLAGS_MUTUAL;
+
+    /*dose this claims need to be same all the time*/
+    claim_t custom_claims[2] = {
+		{ .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") },
+		{ .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") },
+	};
+	conf.custom_claims = (claim_t *)custom_claims;
+	conf.custom_claims_length = 2;
+
+    //claim_t custom_claims[10];
+    //for(int i=0;i<10;i++){
+        //memcpy(&custom_claims[i], data + sizeof(rats_tls_conf_t)  + i *sizeof(claim_t),sizeof(claim_t));
+    //}
+    //conf.custom_claims = (claim_t *)custom_claims;
+    //conf.custom_claims_length = 10;
+
+    rats_tls_handle handle;
+    rats_tls_err_t err = rats_tls_init(&conf,&handle);
+    return 0;
+
+
+}
diff --git a/fuzz/tls_negotiate/CMakeLists.txt b/fuzz/tls_negotiate/CMakeLists.txt
@@ -0,0 +1,75 @@
+project(fuzz_negotiate CXX)
+
+if(NOT SGX)
+    #set(CMAKE_C_FLAGS "-fPIE ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
+    set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
+    set(CMAKE_CXX_FLAGS "-g -fsanitize=address,fuzzer ${CMAKE_CXX_FLAGS}")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}")
+endif()
+
+if(SGX)
+    list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+    include(CustomInstallDirs)
+    include(FindRatsTls)
+    if(NOT RATS_TLS_FOUND)
+        message(FATAL_ERROR "Failed to find rats_tls!")
+    endif()
+
+    include(FindSGX)
+    if(NOT SGX_FOUND)
+        message(FATAL_ERROR "Failed to find sgx!")
+    endif()
+
+    include(CompilerOptions)
+    include(SGXCommon)
+
+    set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave
+                             ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+			     )
+    set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+                     )
+    list(APPEND LIBRARY_DIRS ${CMAKE_BINARY_DIR}/src/sgx/untrust
+                             ${CMAKE_BINARY_DIR}/samples/sgx-stub-enclave
+                             )
+    set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave
+                         ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                         )
+    set(DEPEND_UNTRUSTED_LIBS ${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a)
+
+else()
+    set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+                     ${RATS_TLS_INSTALL_INCLUDE_PATH}
+                     ${RATS_TLS_INSTALL_INCLUDE_PATH}/edl
+                     )
+    set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+endif()
+
+include_directories(${INCLUDE_DIRS})
+link_directories(${LIBRARY_DIRS})
+
+# Set source file
+set(SOURCES fuzz_negotiate.cc)
+
+# Generate bin file
+if(SGX)
+    set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave/sgx_stub.edl)
+    add_untrusted_executable(${PROJECT_NAME}
+                             SRCS ${SOURCES}
+                             UNTRUSTED_LIBS ${DEPEND_UNTRUSTED_LIBS}
+                             EDL ${EDLS}
+                             EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS}
+                             )
+    add_dependencies(${PROJECT_NAME} sgx_stub_enclave-sign)
+else()
+    add_executable(${PROJECT_NAME} ${SOURCES})
+    target_link_libraries(${PROJECT_NAME} rats_tls)
+endif()
+
+install(TARGETS ${PROJECT_NAME}
+	DESTINATION /usr/share/rats-tls/fuzz)
+
diff --git a/fuzz/tls_negotiate/fuzz_negotiate.cc b/fuzz/tls_negotiate/fuzz_negotiate.cc
@@ -0,0 +1,98 @@
+/* Copyright (c) 2021 Intel Corporation
+ * Copyright (c) 2020-2021 Alibaba Cloud
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+extern "C"{
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <arpa/inet.h>
+#include "rats-tls/api.h"
+#include "rats-tls/log.h"
+#include "rats-tls/claim.h"
+#include "internal/core.h"
+#include "internal/crypto_wrapper.h"
+#include "internal/attester.h"
+#include "internal/verifier.h"
+#include "internal/tls_wrapper.h"
+
+}
+#define FUZZ_IP "127.0.0.1"
+#define FUZZ_PORT 1234
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data,size_t size){
+
+    if(size < sizeof(rats_tls_conf_t)){
+        return 0;
+    }
+    rats_tls_conf_t conf;
+    memcpy(&conf, data, sizeof(conf));
+	conf.log_level = RATS_TLS_LOG_LEVEL_DEFAULT;
+    conf.api_version = 0;
+    strcpy(conf.attester_type, "nullattester");
+    strcpy(conf.verifier_type, "nullverifier");
+    strcpy(conf.tls_type, "nulltls");
+    strcpy(conf.crypto_type, "nullcrypto");
+	conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT;
+    conf.flags = RATS_TLS_CONF_FLAGS_MUTUAL;
+
+    claim_t custom_claims[2] = {
+		{ .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") },
+		{ .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") },
+	};
+	conf.custom_claims = (claim_t *)custom_claims;
+	conf.custom_claims_length = 2;
+
+	/* Create a socket that uses an internet IPv4 address,
+	 * Sets the socket to be stream based (TCP),
+	 * 0 means choose the default protocol.
+	 */
+	int sockfd = socket(AF_INET, SOCK_STREAM, 0);
+	if (sockfd < 0) {
+		RTLS_ERR("failed to call socket()\n");
+		return -1;
+	}
+
+	struct sockaddr_in s_addr;
+	memset(&s_addr, 0, sizeof(s_addr));
+	s_addr.sin_family = AF_INET;
+	s_addr.sin_port = htons(FUZZ_PORT);
+
+	/* Get the server IPv4 address from the command line call */
+	if (inet_pton(AF_INET, FUZZ_IP, &s_addr.sin_addr) != 1) {
+		RTLS_ERR("invalid server address\n");
+		return -1;
+	}
+
+	/* Connect to the server */
+	if (connect(sockfd, (struct sockaddr *)&s_addr, sizeof(s_addr)) == -1) {
+		RTLS_ERR("failed to call connect()\n");
+		return -1;
+	}
+
+	rats_tls_handle handle;
+	rats_tls_err_t ret = rats_tls_init(&conf, &handle);
+	if (ret != RATS_TLS_ERR_NONE) {
+		RTLS_ERR("Failed to initialize rats tls %#x\n", ret);
+		return -1;
+	}
+
+	ret = rats_tls_set_verification_callback(&handle, NULL);
+	if (ret != RATS_TLS_ERR_NONE) {
+		RTLS_ERR("Failed to set verification callback %#x\n", ret);
+		return -1;
+	}
+
+
+    rats_tls_negotiate(handle,sockfd);
+
+    close(sockfd);
+    return 0;
+
+}