tests: New style fuzzing tools for TLS client/server
1 /*
2 * Testing tool for TLSv1 client routines
3 * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/tls.h"
13 #include "../fuzzer-common.h"
14
15 #ifndef CERTDIR
16 #define CERTDIR "../../hwsim/auth_serv/"
17 #endif
18
/* Read cursor over the input buffer handed to the fuzz target */
struct context {
	const u8 *data;     /* start of the input; the buffer is not freed here */
	size_t data_len;    /* total number of bytes available at data */
	size_t data_offset; /* bytes already consumed by read_msg() */
};
24
25
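/**
 * read_msg - Extract the next length-prefixed message from the fuzz input
 * @ctx: Input cursor; data_offset is advanced past the bytes that are consumed
 * Returns: Newly allocated buffer with the message payload (the caller frees
 * it with wpabuf_free()) or %NULL if the input is exhausted or truncated or
 * the allocation fails
 *
 * Each message is encoded as a 16-bit big endian length followed by that many
 * payload bytes.
 */
static struct wpabuf * read_msg(struct context *ctx)
{
	u16 msg_len;
	struct wpabuf *msg;

	if (ctx->data_len - ctx->data_offset < 2) {
		wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len");
		return NULL;
	}
	msg_len = WPA_GET_BE16(&ctx->data[ctx->data_offset]);
	ctx->data_offset += 2;

	/*
	 * The length field comes straight from the input, so bound it against
	 * the remaining bytes before allocating or copying anything. A zero
	 * length passes this check and yields an empty buffer.
	 */
	if (ctx->data_len - ctx->data_offset < msg_len) {
		wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)",
			   msg_len);
		return NULL;
	}

	msg = wpabuf_alloc(msg_len);
	if (!msg)
		return NULL;
	wpabuf_put_data(msg, &ctx->data[ctx->data_offset], msg_len);
	ctx->data_offset += msg_len;
	wpa_hexdump_buf(MSG_DEBUG, "TEST: Read message from file", msg);

	return msg;
}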
53
54
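/**
 * LLVMFuzzerTestOneInput - Drive the TLS client with one fuzz input
 * @data: Fuzz input, parsed by read_msg() as a sequence of length-prefixed
 *	messages that stand in for the peer's side of the exchange
 * @size: Number of bytes in @data
 * Returns: 0 if the handshake completed and one message was decrypted,
 * -1 otherwise
 *
 * The client performs a handshake against the messages from the input,
 * encrypts a fixed "PING" payload, and finally decrypts one more message from
 * the input as application data.
 *
 * NOTE(review): libFuzzer documents 0 as the normal return value and reserves
 * other values; confirm that returning -1 for a failed run is intended when
 * this is built as a libFuzzer target.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	struct context ctx;
	struct tls_config conf;
	void *tls_client;
	struct tls_connection_params params;
	struct tls_connection *conn_client = NULL;
	int ret = -1;
	struct wpabuf *in = NULL, *out = NULL, *appl;

	wpa_fuzzer_set_debug_level();

	os_memset(&ctx, 0, sizeof(ctx));
	ctx.data = data;
	ctx.data_len = size;

	os_memset(&conf, 0, sizeof(conf));
	tls_client = tls_init(&conf);
	if (!tls_client)
		goto fail;

	/*
	 * NOTE(review): params is filled in here but is not passed to any call
	 * in this function; confirm whether the client is meant to run without
	 * these certificate/key files.
	 */
	os_memset(&params, 0, sizeof(params));
	params.ca_cert = CERTDIR "ca.pem";
	params.client_cert = CERTDIR "server.pem";
	params.private_key = CERTDIR "server.key";
	params.dh_file = CERTDIR "dh.conf";

	conn_client = tls_connection_init(tls_client);
	if (!conn_client)
		goto fail;

	in = NULL;
	for (;;) {
		appl = NULL;
		out = tls_connection_handshake(tls_client, conn_client, in,
					       &appl);
		wpabuf_free(in);
		in = NULL;
		/*
		 * Application data handed back during the handshake is not
		 * used by this tool; release it so that it is not leaked when
		 * the pointer is reset on the next iteration or on exit.
		 */
		wpabuf_free(appl);
		appl = NULL;
		if (!out)
			goto fail;
		if (tls_connection_get_failed(tls_client, conn_client)) {
			wpa_printf(MSG_ERROR, "TLS handshake failed");
			goto fail;
		}
		if (tls_connection_established(tls_client, conn_client))
			break;

		/* The client's own flight is discarded; only input is fed in */
		in = read_msg(&ctx);
		wpabuf_free(out);
		out = NULL;
		if (!in)
			goto fail;
		if (tls_connection_established(tls_client, conn_client))
			break;
	}

	/* Exercise the record layer in the send direction with fixed data */
	wpabuf_free(in);
	in = wpabuf_alloc(100);
	if (!in)
		goto fail;
	wpabuf_put_str(in, "PING");
	wpabuf_free(out);
	out = tls_connection_encrypt(tls_client, conn_client, in);
	wpabuf_free(in);
	in = NULL;
	if (!out)
		goto fail;

	/*
	 * Exercise the receive direction with the next message from the input.
	 * The "PONG" buffer that used to be built at this point was freed
	 * without ever being used, so it is no longer allocated.
	 */
	wpabuf_free(out);
	out = read_msg(&ctx);
	if (!out)
		goto fail;

	in = tls_connection_decrypt(tls_client, conn_client, out);
	wpabuf_free(out);
	out = NULL;
	if (!in)
		goto fail;
	wpa_hexdump_buf(MSG_DEBUG, "Client decrypted ApplData", in);

	ret = 0;
fail:
	if (tls_client) {
		if (conn_client)
			tls_connection_deinit(tls_client, conn_client);
		tls_deinit(tls_client);
	}
	wpabuf_free(in);
	wpabuf_free(out);

	return ret;
}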