From fb8ba10128613d4afe4a6130bcd3b3bd46553297 Mon Sep 17 00:00:00 2001 From: Pengyu Chen Date: Sat, 11 Nov 2023 15:55:42 +0800 Subject: [PATCH] temporary storage, it wouldbe delete when finished --- fuzz/sgx-stub-enclave/sgx_stub_ecall.c | 195 +++++++++++++------------ fuzz/tls_server/fuzz_server.cc | 3 +- fuzz/tls_sgx_mode/fuzz_sgx_mode.cc | 76 +++++----- 3 files changed, 148 insertions(+), 126 deletions(-) diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.c b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c index b6f657d..8ee9ef7 100644 --- a/fuzz/sgx-stub-enclave/sgx_stub_ecall.c +++ b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c @@ -12,13 +12,17 @@ #define FUZZ_IP "127.0.0.1" #define FUZZ_PORT 1234 -int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, char *attester_type, - char *verifier_type, char *tls_type, char *crypto_type, - unsigned long flags, uint32_t s_ip, uint16_t s_port) + + +int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, char *verifier_type, + char *tls_type, char *crypto_type, unsigned long flags, uint32_t s_ip, + uint16_t s_port) { + rats_tls_conf_t conf; - memset(&conf, 0, sizeof(rats_tls_conf_t)); + memset(&conf, 0, sizeof(conf)); + conf.log_level = log_level; snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type); snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type); snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type); @@ -26,8 +30,6 @@ int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, conf.flags = flags; conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT; - RTLS_INFO("Enter the client \n"); - claim_t custom_claims[2] = { { .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") }, { .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") }, @@ -35,15 +37,51 @@ int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, conf.custom_claims = (claim_t *)custom_claims; conf.custom_claims_length = 2; - /* Create a socket that uses an internet IPv4 address, - * Sets the socket to be stream based (TCP), - * 0 means choose the default protocol. - */ - int64_t sockfd; int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); if (sgx_status != SGX_SUCCESS || sockfd < 0) { - // RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + return -1; + } + + int reuse = 1; + int ocall_ret = 0; + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_REUSEADDR, + (const void *)&reuse, sizeof(int)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + int flag = 1; + int tcp_keepalive_time = 30; + int tcp_keepalive_intvl = 10; + int tcp_keepalive_probes = 5; + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_KEEPALIVE, &flag, + sizeof(flag)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPIDLE, + &tcp_keepalive_time, sizeof(tcp_keepalive_time)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPINTVL, + &tcp_keepalive_intvl, sizeof(tcp_keepalive_intvl)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPCNT, + &tcp_keepalive_probes, sizeof(tcp_keepalive_probes)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); return -1; } @@ -53,138 +91,113 @@ int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, s_addr.sin_addr.s_addr = s_ip; s_addr.sin_port = s_port; - /* Connect to the server */ - int ocall_ret = 0; - sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); + sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { - // RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret); + RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + /* Listen for a new connection, allow 5 pending connections */ + sgx_status = ocall_listen(&ocall_ret, sockfd, 5); + if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret); return -1; } - // RTLS_INFO("Enter the init \n"); - /* rats-tls init */ librats_tls_init(); rats_tls_handle handle; rats_tls_err_t ret = rats_tls_init(&conf, &handle); if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + RTLS_ERR("Failed to initialize rats tls %#x\n", ret); return -1; } - // RTLS_INFO("start to negotiate\n"); - ret = rats_tls_negotiate(handle, (int)sockfd); + ret = rats_tls_set_verification_callback(&handle, NULL); if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to negotiate %#x\n", ret); + RTLS_ERR("Failed to set verification callback %#x\n", ret); return -1; } - const char *msg = "Hello and welcome to RATS-TLS!\n"; - size_t len = strlen(msg); - // RTLS_INFO("Enter the transmit \n"); - ret = rats_tls_transmit(handle, (void *)msg, &len); - if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) { - // RTLS_ERR("Failed to transmit %#x\n", ret); - goto err; - } + struct rtls_sockaddr_in c_addr; + uint32_t addrlen_in = sizeof(c_addr); + uint32_t addrlen_out; - ret = rats_tls_cleanup(handle); - if (ret != RATS_TLS_ERR_NONE) - // RTLS_ERR("Failed to cleanup %#x\n", ret); + while (1) { + RTLS_INFO("Waiting for a connection ...\n"); + int64_t connd; + sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out); + if (sgx_status != SGX_SUCCESS || connd < 0) { + RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd); + return -1; + } + + + + // whether it need delete + ocall_close(&ocall_ret, connd); + } + + RTLS_ERR("server Quick ecall \n"); return 0; -err: - rats_tls_cleanup(handle); - return -1; } -int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, char *verifier_type, - char *tls_type, char *crypto_type, unsigned long flags, uint32_t s_ip, - uint16_t s_port) +int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, char *attester_type, + char *verifier_type, char *tls_type, char *crypto_type, + unsigned long flags, uint32_t s_ip, uint16_t s_port) { rats_tls_conf_t conf; + memset(&conf, 0, sizeof(conf)); conf.log_level = log_level; - snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type); snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type); snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type); snprintf(conf.crypto_type, sizeof(conf.crypto_type), "%s", crypto_type); - conf.flags = flags; conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT; - claim_t custom_claims[2] = { - { .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") }, - { .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") }, - }; - conf.custom_claims = (claim_t *)custom_claims; - conf.custom_claims_length = 2; - int64_t sockfd; int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); if (sgx_status != SGX_SUCCESS || sockfd < 0) { - // RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); return -1; } - int ocall_ret = 0; - struct rtls_sockaddr_in s_addr; memset(&s_addr, 0, sizeof(s_addr)); s_addr.sin_family = RTLS_AF_INET; s_addr.sin_addr.s_addr = s_ip; s_addr.sin_port = s_port; - /* Bind the server socket */ - sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); - if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { - // RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret); - return -1; - } - - /* Listen for a new connection, allow 5 pending connections */ - sgx_status = ocall_listen(&ocall_ret, sockfd, 5); + int ocall_ret = 0; + sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { - // RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret); + RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret); return -1; } + // RTLS_ERR("connect success\n"); + /* rats-tls init */ librats_tls_init(); + RTLS_ERR("Librats init Ok \n"); rats_tls_handle handle; rats_tls_err_t ret = rats_tls_init(&conf, &handle); - if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to initialize rats tls %#x\n", ret); - return -1; - } - - struct rtls_sockaddr_in c_addr; - uint32_t addrlen_in = sizeof(c_addr); - uint32_t addrlen_out; - while (1) { - // RTLS_INFO("Waiting for a connection ...\n"); + RTLS_ERR("rats_tls_init Ok \n"); + rats_tls_cleanup(handle); + // if (ret != RATS_TLS_ERR_NONE) { + // RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + // return -1; + // } - int64_t connd; - sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out); - if (sgx_status != SGX_SUCCESS || connd < 0) { - // RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd); - return -1; - } - ret = rats_tls_negotiate(handle, connd); - if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to negotiate %#x\n", ret); - goto err; - } + // ocall_close(&ocall_ret,sockfd); - // RTLS_INFO("Client connected successfully\n"); + // ret = rats_tls_cleanup(handle); + // if (ret != RATS_TLS_ERR_NONE) + // RTLS_ERR("Failed to cleanup %#x\n", ret); - ocall_close(&ocall_ret, connd); - } + // return ret; - return 0; -err: - /* Ignore the error code of cleanup in order to return the prepositional error */ - rats_tls_cleanup(handle); - return -1; -} +} \ No newline at end of file diff --git a/fuzz/tls_server/fuzz_server.cc b/fuzz/tls_server/fuzz_server.cc index 0ba872f..681eecb 100644 --- a/fuzz/tls_server/fuzz_server.cc +++ b/fuzz/tls_server/fuzz_server.cc @@ -66,10 +66,11 @@ int main() RTLS_ERR("Failed to load sgx stub enclave\n"); return -1; } + RTLS_ERR("load enclave ok \n"); unsigned long flags = 0; flags |= RATS_TLS_CONF_FLAGS_SERVER; - flags |= RATS_TLS_CONF_FLAGS_MUTUAL; + // flags |= RATS_TLS_CONF_FLAGS_MUTUAL; // TODO: add sgx_ecdsa type rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO; diff --git a/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc index 956cc7d..1504218 100644 --- a/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc +++ b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc @@ -57,33 +57,29 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } FuzzedDataProvider fuzzed_data(data, size); - sgx_enclave_id_t enclave_id = load_enclave(fuzzed_data.ConsumeBool()); - if (enclave_id == 0) { - RTLS_ERR("Failed to load sgx stub enclave\n"); - return -1; - } + char *fuzz_conf_bytes = NULL; uint32_t s_ip = inet_addr(FUZZ_IP); uint16_t s_port = htons((uint16_t)FUZZ_PORT); - char *attester_type = (char *)malloc(20); - if (attester_type == NULL) { - return 0; - } - char *verifier_type = (char *)malloc(20); - if (verifier_type == NULL) { - return 0; - } - char *tls_type = (char *)malloc(20); - if (tls_type == NULL) { - return 0; - } - char *crypto_type = (char *)malloc(20); - if (crypto_type == NULL) { - return 0; - } + // char *attester_type = (char *)malloc(20); + // if (attester_type == NULL) { + // return 0; + // } + // char *verifier_type = (char *)malloc(20); + // if (verifier_type == NULL) { + // return 0; + // } + // char *tls_type = (char *)malloc(20); + // if (tls_type == NULL) { + // return 0; + // } + // char *crypto_type = (char *)malloc(20); + // if (crypto_type == NULL) { + // return 0; + // } for (int i = 0; i < 9; i++) { @@ -91,16 +87,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) for (int k = 0; k < 4; k++) { for (int l = 0; l < 4; l++) { //TODO: other sgx type would support later - strcpy(attester_type, "sgx_la"); - strcpy(verifier_type, "sgx_la"); - strcpy(tls_type, "openssl"); - strcpy(crypto_type, "openssl"); + // strcpy(attester_type, "sgx_la"); + // strcpy(verifier_type, "sgx_la"); + // strcpy(tls_type, "openssl"); + // strcpy(crypto_type, "openssl"); + + sgx_enclave_id_t enclave_id = load_enclave(false); + if (enclave_id == 0) { + RTLS_ERR("Failed to load sgx stub enclave\n"); + return -1; + } - unsigned long flags = fuzzed_data.ConsumeIntegral(); - flags |= RATS_TLS_CONF_FLAGS_MUTUAL; - int ret = 0; - rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO; + char *attester_type = "sgx_la"; + char *verifier_type = "sgx_la"; + char *tls_type = "openssl"; + char *crypto_type = "openssl"; + unsigned long flags = 0; + flags |= RATS_TLS_CONF_FLAGS_MUTUAL ; + int ret = 0; + rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_DEBUG; + int sgx_status = ecall_client_startup( (sgx_enclave_id_t)enclave_id, &ret, log_level, fuzz_conf_bytes, attester_type, verifier_type, @@ -110,16 +117,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) "failed to startup client: sgx status %#x return %#x\n", sgx_status, ret); } + sgx_destroy_enclave(enclave_id); } } } } /*clean up*/ - free(fuzz_conf_bytes); - free(attester_type); - free(verifier_type); - free(tls_type); - free(crypto_type); + // free(fuzz_conf_bytes); + // free(attester_type); + // free(verifier_type); + // free(tls_type); + // free(crypto_type); return 0; }