From 58930bbbaccee308af994371167f5ff172eee34e Mon Sep 17 00:00:00 2001
From: Pengyu Chen
Date: Sun, 1 Oct 2023 01:44:38 +0000
Subject: [PATCH] fuzz/*,cmake/*: fuzz APIs in sgx mode
fuzz `rats_tls_init()`, `rats_tls_negotiate()`, `rats_tls_transmit()`, `rats_tls_receive()` and `rats_tls_cleanup()` in sgx mode
Signed-off-by: Pengyu Chen
---
 cmake/CompilerOptions.cmake | 17 ++-
 fuzz/CMakeLists.txt | 14 +-
 fuzz/sgx-stub-enclave/CMakeLists.txt | 83 +++++++++++
 fuzz/sgx-stub-enclave/sgx_stub.edl | 12 ++
 fuzz/sgx-stub-enclave/sgx_stub_ecall.cpp | 20 +++
 fuzz/sgx-stub-enclave/sgx_stub_ecall.h | 3 +
 fuzz/sgx-stub-enclave/sgx_stub_enclave.lds | 11 ++
 fuzz/sgx-stub-enclave/sgx_stub_enclave.pem | 39 +++++
 fuzz/sgx-stub-enclave/sgx_stub_enclave.xml | 9 ++
 fuzz/tls_init/CMakeLists.txt | 63 +++++++-
 fuzz/tls_init/fuzz_init.cc | 53 ++++++-
 fuzz/tls_negotiate/CMakeLists.txt | 30 ++++
 fuzz/tls_negotiate/fuzz_negotiate.cc | 163 +++++++++++++++++++++
 fuzz/tls_transmit/CMakeLists.txt | 9 +-
 14 files changed, 507 insertions(+), 19 deletions(-)
 create mode 100644 fuzz/sgx-stub-enclave/CMakeLists.txt
 create mode 100644 fuzz/sgx-stub-enclave/sgx_stub.edl
 create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_ecall.cpp
 create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_ecall.h
 create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_enclave.lds
 create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_enclave.pem
 create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_enclave.xml
 create mode 100644 fuzz/tls_negotiate/CMakeLists.txt
 create mode 100644 fuzz/tls_negotiate/fuzz_negotiate.cc
diff --git a/cmake/CompilerOptions.cmake b/cmake/CompilerOptions.cmake
index 29f7e5d7..b808022f 100644
--- a/cmake/CompilerOptions.cmake
+++ b/cmake/CompilerOptions.cmake
@@ -1,5 +1,5 @@
 # Normal and occlum mode
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
+# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
 set(RATS_TLS_LDFLAGS "-fPIC -Bsymbolic -ldl")
 if(OCCLUM)
@@ -12,6 +12,16 @@ else()
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2")
 endif()
+if((BUILD_FUZZ) AND (SGX))
+ set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wno-implicit-function-declaration")
+ set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC -Werror=implicit-function-declaration")
+elseif()
+ set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
+ set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
+endif()
+
 # SGX mode
 if(SGX)
 if(SGX_HW)
@@ -56,8 +66,8 @@ if(SGX)
 set(ENCLAVE_COMMON_FLAGS "${ENCLAVE_COMMON_FLAGS} -fstack-protector-strong")
 endif()
- set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
- set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
+ # set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
+ # set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
 set(ENCLAVE_INCLUDES "${SGX_INCLUDE}" "${SGX_TLIBC_INCLUDE}" "${SGX_LIBCXX_INCLUDE}" "/usr/include")
 set(ENCLAVE_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${ENCLAVE_COMMON_FLAGS}")
@@ -67,3 +77,4 @@ if(SGX)
 set(APP_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${APP_COMMON_FLAGS}")
 set(APP_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_COMMON_CXXFLAGS} ${APP_COMMON_FLAGS}")
 endif()
+
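Review bot: `elseif()` with an empty condition evaluates as false, so the branch that restores `SGX_COMMON_CFLAGS`, `SGX_COMMON_CXXFLAGS` and the `-std=gnu11` C flags is never taken; because the original definitions in the first and third hunks were commented out rather than kept, every build that is not `BUILD_FUZZ AND SGX` now has empty `SGX_COMMON_*` flags and loses `-std=gnu11`. The keyword should be `else()`. The four commented-out `set(...)` lines in the first and third hunks should be deleted rather than left in place. In the new fuzz branch `CMAKE_C_FLAGS` carries `-Werror=implicit-function-declaration` while `SGX_COMMON_CFLAGS` carries `-Wno-implicit-function-declaration`, and `ENCLAVE_C_FLAGS` concatenates them in that order, so the later `-Wno-` flag disables the diagnostic the `-Werror=` was meant to enforce and implicit declarations compile silently in enclave code; if the error is intended to hold, drop the `-Wno-implicit-function-declaration` from the fuzz branch.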
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index de3d568c..5dec295b 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -1,4 +1,10 @@
-add_subdirectory(tls_init)
-add_subdirectory(tls_negotiate)
-add_subdirectory(tls_server)
-add_subdirectory(tls_transmit)
\ No newline at end of file
+if(SGX)
+ add_subdirectory(tls_init)
+else()
+ add_subdirectory(tls_negotiate)
+ add_subdirectory(tls_server)
+ add_subdirectory(tls_transmit)
+endif()
+if(SGX)
+ add_subdirectory(sgx-stub-enclave)
+endif()
\ No newline at end of file
diff --git a/fuzz/sgx-stub-enclave/CMakeLists.txt b/fuzz/sgx-stub-enclave/CMakeLists.txt
new file mode 100644
index 00000000..964546c4
--- /dev/null
+++ b/fuzz/sgx-stub-enclave/CMakeLists.txt
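Review bot: The new `if(SGX) … else() … endif()` drops `tls_init` from the non-SGX build: before this change all four harnesses were added unconditionally, and `fuzz_init.cc` still carries its `#ifndef SGX` harness, so `add_subdirectory(tls_init)` belongs outside the condition. A single block also avoids the second `if(SGX)`: `add_subdirectory(tls_init)` first, then `if(SGX) add_subdirectory(sgx-stub-enclave) else() add_subdirectory(tls_negotiate) add_subdirectory(tls_server) add_subdirectory(tls_transmit) endif()`. In SGX mode `tls_init` depends on `sgx_stub_enclave-sign` and points `link_directories` at `${CMAKE_BINARY_DIR}/fuzz/sgx-stub-enclave`, so adding `sgx-stub-enclave` before `tls_init` keeps the directory order aligned with that dependency; `add_dependencies` itself tolerates a target defined later, so the current order works but reads backwards. The file still lacks a trailing newline.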
@@ -0,0 +1,83 @@
+# Project name
+project(sgx-stub-enclave CXX)
+
+set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
+set(CMAKE_CXX_FLAGS "-g ${CMAKE_CXX_FLAGS}")
+set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+
+if((BUILD_SAMPLES) OR (BUILD_FUZZ))
+ set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/include
+ )
+
+ set(LIBRARY_DIRS ${INTEL_SGXSSL_LIB_PATH}
+ ${LIBCBOR_LIB_PATH}
+ ${CMAKE_BINARY_DIR}/src
+ ${CMAKE_BINARY_DIR}/src/crypto_wrappers/nullcrypto
+ ${CMAKE_BINARY_DIR}/src/crypto_wrappers/openssl
+ ${CMAKE_BINARY_DIR}/src/tls_wrappers/nulltls
+ ${CMAKE_BINARY_DIR}/src/tls_wrappers/openssl
+ ${CMAKE_BINARY_DIR}/src/verifiers/nullverifier
+ ${CMAKE_BINARY_DIR}/src/verifiers/sgx-ecdsa-qve
+ ${CMAKE_BINARY_DIR}/src/verifiers/tdx-ecdsa
+ ${CMAKE_BINARY_DIR}/src/verifiers/sgx-la
+ ${CMAKE_BINARY_DIR}/src/attesters/nullattester
+ ${CMAKE_BINARY_DIR}/src/attesters/sgx-ecdsa
+ ${CMAKE_BINARY_DIR}/src/attesters/sgx-la
+ )
+
+ set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+ )
+else()
+ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+ include(CustomInstallDirs)
+ include(FindRatsTls)
+ if(NOT RATS_TLS_FOUND)
+ message(FATAL_ERROR "Failed to find rats_tls!")
+ endif()
+ include(FindSGX)
+ if(NOT SGX_FOUND)
+ message(FATAL_ERROR "Failed to find sgx!")
+ endif()
+ include(CompilerOptions)
+ include(SGXCommon)
+
+ set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
+
+ set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+
+ set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
+endif()
+
+include_directories(${INCLUDE_DIRS})
+link_directories(${LIBRARY_DIRS})
+
+set(E_SRCS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_ecall.cpp)
+set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub.edl)
+set(LDS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_enclave.lds)
+set(DEPEND_TRUSTED_LIBS crypto_wrapper_nullcrypto
+ crypto_wrapper_openssl
+ tls_wrapper_nulltls
+ tls_wrapper_openssl
+ attester_nullattester
+ attester_sgx_ecdsa
+ attester_sgx_la
+ verifier_nullverifier
+ verifier_sgx_la
+ verifier_sgx_ecdsa_qve
+ verifier_tdx_ecdsa
+ rats_tls
+ cbor
+ )
+
+add_enclave_library(sgx_stub_enclave SRCS ${E_SRCS} EDL ${EDLS} TRUSTED_LIBS ${DEPEND_TRUSTED_LIBS} EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS} LDSCRIPT ${LDS})
+enclave_sign(sgx_stub_enclave KEY sgx_stub_enclave.pem CONFIG sgx_stub_enclave.xml)
+add_dependencies(sgx_stub_enclave rats_tls)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/sgx_stub_enclave.signed.so
+ DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH})
diff --git a/fuzz/sgx-stub-enclave/sgx_stub.edl b/fuzz/sgx-stub-enclave/sgx_stub.edl
new file mode 100644
index 00000000..fe59ecac
--- /dev/null
+++ b/fuzz/sgx-stub-enclave/sgx_stub.edl
@@ -0,0 +1,12 @@
+enclave {
+ include "rats-tls/api.h"
+ include "internal/core.h"
+ include "sgx_eid.h"
+
+ from "../../src/include/edl/rtls.edl" import *;
+ from "sgx_tsgxssl.edl" import *;
+
+ trusted {
+ public int ecall_client_startup();
+ };
+};
\ No newline at end of file
diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.cpp b/fuzz/sgx-stub-enclave/sgx_stub_ecall.cpp
new file mode 100644
index 00000000..0ee7a1ec
--- /dev/null
+++ b/fuzz/sgx-stub-enclave/sgx_stub_ecall.cpp
@@ -0,0 +1,20 @@
+#include
+#include
+#include
+
+extern "C"{
+#include
+#include
+#include "rats-tls/api.h"
+#include "sgx_urts.h"
+}
+
+extern "C"{
+
+int ecall_client_startup(){
+ int b = 0;
+ int c = 3 + b;
+ return 0;
+}
+
+}
\ No newline at end of file
diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.h b/fuzz/sgx-stub-enclave/sgx_stub_ecall.h
new file mode 100644
index 00000000..5b69b341
--- /dev/null
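Review bot: `set(CMAKE_CXX_COMPILER "/usr/bin/clang++")` after `project(sgx-stub-enclave CXX)` comes too late to select a compiler — the toolchain is fixed when the language is enabled and changing the variable afterwards is unsupported — and the hard-coded absolute path ties the build to one host; the same pattern is in `fuzz/tls_init/CMakeLists.txt`, `fuzz/tls_negotiate/CMakeLists.txt` and `fuzz/tls_transmit/CMakeLists.txt`. Choose the compiler at the top-level configure step (`-DCMAKE_CXX_COMPILER=clang++`) and drop the line here. `RATS_TLS_INSTALL_FUZZ_PATH` is hard-coded to `/usr/share/rats-tls/fuzz`, so `install(FILES … sgx_stub_enclave.signed.so …)` ignores `CMAKE_INSTALL_PREFIX`; deriving it as `set(RATS_TLS_INSTALL_FUZZ_PATH "${CMAKE_INSTALL_PREFIX}/share/rats-tls/fuzz")` (or from `CustomInstallDirs`, which the `else()` branch already includes) would respect the prefix. `include_directories`/`link_directories` are directory-scoped; if `add_enclave_library` creates a target named `sgx_stub_enclave`, `target_include_directories(sgx_stub_enclave PRIVATE ${INCLUDE_DIRS})` keeps the settings on the target.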
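Review bot: `ecall_client_startup()` is an empty placeholder — `b` and `c` are computed and discarded and it returns 0 without calling any rats-tls API — while the commit message says the five `rats_tls_*` APIs are fuzzed in SGX mode, and the matching call in `fuzz/tls_init/fuzz_init.cc` is commented out, so nothing inside the enclave is exercised yet. Either wire the stub to the APIs it is meant to drive (the configuration and handle would have to cross the ECALL boundary as parameters declared in `sgx_stub.edl`) or mark it as scaffolding: `/* Placeholder ECALL: no rats-tls API is called yet; see fuzz/tls_init/fuzz_init.cc. */`. `#include "sgx_urts.h"` is the untrusted-runtime header (enclave creation API) and does not belong in trusted enclave code; remove it. The unused locals will also warn under `-Wall`; `return 0;` alone is enough until the body is filled in.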
+++ b/fuzz/sgx-stub-enclave/sgx_stub_ecall.h
@@ -0,0 +1,3 @@
+#ifndef _SGX_STUB_ECALL_H_
+#define _SGX_STUB_ECALL_H_
+#endif
\ No newline at end of file
diff --git a/fuzz/sgx-stub-enclave/sgx_stub_enclave.lds b/fuzz/sgx-stub-enclave/sgx_stub_enclave.lds
new file mode 100644
index 00000000..986be952
--- /dev/null
+++ b/fuzz/sgx-stub-enclave/sgx_stub_enclave.lds
@@ -0,0 +1,11 @@
+libsgx_stub_enclave.so.so
+{
+ global:
+ g_global_data_sim;
+ g_global_data;
+ enclave_entry;
+ g_peak_heap_used;
+ g_peak_rsrv_mem_committed;
+ local:
+ *;
+};
diff --git a/fuzz/sgx-stub-enclave/sgx_stub_enclave.pem b/fuzz/sgx-stub-enclave/sgx_stub_enclave.pem
new file mode 100644
index 00000000..529d07be
--- /dev/null
+++ b/fuzz/sgx-stub-enclave/sgx_stub_enclave.pem
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom 
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/fuzz/sgx-stub-enclave/sgx_stub_enclave.xml b/fuzz/sgx-stub-enclave/sgx_stub_enclave.xml new file mode 100644 index 00000000..733dc898 --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub_enclave.xml @@ -0,0 +1,9 @@ + + 0 + 0 + 0x400000 + 0x1000000 + 10 + 1 + 0 + diff --git a/fuzz/tls_init/CMakeLists.txt b/fuzz/tls_init/CMakeLists.txt index 81360160..7764894c 100644 --- a/fuzz/tls_init/CMakeLists.txt +++ b/fuzz/tls_init/CMakeLists.txt 
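Review bot: `sgx_stub_enclave.pem` is the RSA private key consumed by `enclave_sign(sgx_stub_enclave KEY sgx_stub_enclave.pem CONFIG sgx_stub_enclave.xml)` in `fuzz/sgx-stub-enclave/CMakeLists.txt`, and committing it means signatures over `sgx_stub_enclave.signed.so` carry no identity value — any checkout can produce an identically signed enclave. That is acceptable for a debug-signed fuzz stub, but it should be recorded so the key is never reused or the output mistaken for a release artifact: add next to the `enclave_sign` call `# Test-only signing key committed to the repository; debug signing for the fuzz stub only, never for release enclaves.` The accompanying `sgx_stub_enclave.xml` is rendered here without its element names, so confirm from the file that debug mode stays enabled for this enclave, consistent with a committed key.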
@@ -2,14 +2,53 @@ project(fuzz_init CXX)
 set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
 set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
-set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g -fPIE ${CMAKE_CXX_FLAGS}")
+set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g ${CMAKE_CXX_FLAGS}")
+set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+if(NOT SGX)
+ set(CMAKE_CXX_FLAGS "-fPIE ${CMAKE_CXX_FLAGS}")
+endif()
+
+
+if(SGX)
+ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+ include(CustomInstallDirs)
+ include(FindRatsTls)
+ if(NOT RATS_TLS_FOUND)
+ message(FATAL_ERROR "Failed to find rats_tls!")
+ endif()
+
+ include(FindSGX)
+ if(NOT SGX_FOUND)
+ message(FATAL_ERROR "Failed to find sgx!")
+ endif()
-set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+ include(CompilerOptions)
+ include(SGXCommon)
+
+ set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+ )
+ set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
 ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
- ${RATS_TLS_INSTALL_INCLUDE_PATH}
 )
-set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
-set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+ list(APPEND LIBRARY_DIRS ${CMAKE_BINARY_DIR}/src/sgx/untrust
+ ${CMAKE_BINARY_DIR}/fuzz/sgx-stub-enclave
+ )
+ set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+ )
+ set(DEPEND_UNTRUSTED_LIBS ${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a)
+
+else()
+ set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+ ${RATS_TLS_INSTALL_INCLUDE_PATH}
+ ${RATS_TLS_INSTALL_INCLUDE_PATH}/edl
+ )
+ set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+endif()
 include_directories(${INCLUDE_DIRS})
 link_directories(${LIBRARY_DIRS})
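Review bot: In the `if(SGX)` branch `EDL_SEARCH_PATHS` is assigned twice with identical contents, once before `set(INCLUDE_DIRS …)` and again after `list(APPEND LIBRARY_DIRS …)`; drop the second. `LIBRARY_DIRS` is only ever `list(APPEND)`ed in this branch, so it starts from whatever value the parent scope left in it, which may be nothing or a path set elsewhere — if only the two build-tree directories are intended, `set(LIBRARY_DIRS …)` makes that explicit. `DEPEND_UNTRUSTED_LIBS` names `${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a` by absolute build-tree path, which carries no build-order dependency on the target that produces it; if `add_untrusted_executable` accepts a target name in `UNTRUSTED_LIBS`, passing that target is the more robust form.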
@@ -18,8 +57,18 @@ link_directories(${LIBRARY_DIRS})
 set(SOURCES fuzz_init.cc)
 # Generate bin file
-add_executable(${PROJECT_NAME} ${SOURCES})
-target_link_libraries(${PROJECT_NAME} rats_tls)
+if(SGX)
+ set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave/sgx_stub.edl)
+ add_untrusted_executable(${PROJECT_NAME}
+ SRCS ${SOURCES}
+ UNTRUSTED_LIBS ${DEPEND_UNTRUSTED_LIBS}
+ EDL ${EDLS}
+ EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS})
+ add_dependencies(${PROJECT_NAME} sgx_stub_enclave-sign)
+else()
+ add_executable(${PROJECT_NAME} ${SOURCES})
+ target_link_libraries(${PROJECT_NAME} rats_tls)
+endif()
 install(TARGETS ${PROJECT_NAME}
 DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH})
diff --git a/fuzz/tls_init/fuzz_init.cc b/fuzz/tls_init/fuzz_init.cc
index 4ddb3f66..c6a44eb7 100644
--- a/fuzz/tls_init/fuzz_init.cc
+++ b/fuzz/tls_init/fuzz_init.cc
@@ -12,11 +12,61 @@ extern "C" {
 #include "rats-tls/claim.h"
 #include "internal/core.h"
 }
+
 #include
 #include
 #define CUSTOM_CLAIMS_SIZE 10
+rats_tls_log_level_t global_log_level = RATS_TLS_LOG_LEVEL_DEFAULT;
+
+#ifdef SGX
+
+
+#include
+#include
+#include "sgx_stub_u.h"
+
+#define ENCLAVE_FILENAME "sgx_stub_enclave.signed.so"
+
+static sgx_enclave_id_t load_enclave(bool debug_enclave)
+{
+ sgx_launch_token_t t;
+
+ memset(t, 0, sizeof(t));
+
+ sgx_enclave_id_t eid;
+ int updated = 0;
+ int ret = sgx_create_enclave(ENCLAVE_FILENAME, debug_enclave, &t, &updated, &eid, NULL);
+ if (ret != SGX_SUCCESS) {
+ RTLS_ERR("Failed to load enclave %d\n", ret);
+ return 0;
+ }
+
+ RTLS_INFO("Success to load enclave with enclave id %ld\n", eid);
+
+ return eid;
+}
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){
+ FuzzedDataProvider fuzzed_data(data , size);
+ sgx_enclave_id_t enclave_id = load_enclave(fuzzed_data.ConsumeBool());
+ if (enclave_id == 0) {
+ RTLS_ERR("Failed to load sgx stub enclave\n");
+ return -1;
+ }
+
+ unsigned long flags = 0;
+ int ret = 0;
+ // ret = ecall_client_startup();
+
+ return 0;
+}
+
+#endif
+
+#ifndef SGX
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 rats_tls_conf_t conf; // consume 192 bytes
@@ -110,4 +160,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 return 0;
-}
\ No newline at end of file
+}
+#endif
\ No newline at end of file
diff --git a/fuzz/tls_negotiate/CMakeLists.txt b/fuzz/tls_negotiate/CMakeLists.txt
new file mode 100644
index 00000000..c1be5c1c
--- /dev/null
+++ b/fuzz/tls_negotiate/CMakeLists.txt
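Review bot: The SGX harness creates an enclave on every input and never destroys it — `load_enclave()` hands back `eid` and `LLVMFuzzerTestOneInput` returns without `sgx_destroy_enclave(enclave_id)`, so a long run leaks one enclave instance (and its EPC pages) per iteration until creation starts failing and every subsequent input is rejected as "Failed to load sgx stub enclave". Add `sgx_destroy_enclave(enclave_id);` before the final `return 0;`. Nothing is exercised between load and return: `flags` and `ret` are unused and the `ecall_client_startup()` call is commented out, so the only fuzz-controlled input is the `debug_enclave` bool; either drive the ECALL or note in a comment that this path is scaffolding. `RTLS_INFO("... %ld\n", eid)` formats an `sgx_enclave_id_t`, an unsigned 64-bit id, with `%ld`; use `%lu` (or `PRIu64`). `ENCLAVE_FILENAME` is a bare relative name, so which `sgx_stub_enclave.signed.so` gets loaded depends on the working directory the fuzzer is started from; resolving it against the install location or the executable's own directory makes the harness deterministic.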
@@ -0,0 +1,30 @@
+project(fuzz_negotiate CXX)
+
+set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
+set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
+set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g ${CMAKE_CXX_FLAGS}")
+if(NOT SGX)
+ set(CMAKE_CXX_FLAGS "-fPIE ${CMAKE_CXX_FLAGS}")
+endif()
+
+
+set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+ ${RATS_TLS_INSTALL_INCLUDE_PATH}
+ )
+set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+
+include_directories(${INCLUDE_DIRS})
+link_directories(${LIBRARY_DIRS})
+
+# Set source file
+set(SOURCES fuzz_negotiate.cc)
+
+# Generate bin file
+add_executable(${PROJECT_NAME} ${SOURCES})
+target_link_libraries(${PROJECT_NAME} rats_tls)
+
+install(TARGETS ${PROJECT_NAME}
+ DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH})
+
diff --git a/fuzz/tls_negotiate/fuzz_negotiate.cc b/fuzz/tls_negotiate/fuzz_negotiate.cc
new file mode 100644
index 00000000..92907ce2
--- /dev/null
+++ b/fuzz/tls_negotiate/fuzz_negotiate.cc
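Review bot: `fuzz/CMakeLists.txt` now adds `tls_negotiate` only in its `else()` (non-SGX) branch, so the `if(NOT SGX)` guard around `-fPIE` here can never be false and suggests an SGX build of this harness that does not exist; either drop the guard or make the harness buildable in both modes. `target_link_libraries(${PROJECT_NAME} rats_tls)` uses the keyword-less signature; prefer `target_link_libraries(${PROJECT_NAME} PRIVATE rats_tls)`. The same unreachable `if(NOT SGX)` block is introduced in `fuzz/tls_transmit/CMakeLists.txt`.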
@@ -0,0 +1,163 @@
+/* Copyright (c) 2021 Intel Corporation
+ * Copyright (c) 2020-2021 Alibaba Cloud
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+extern "C" {
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "rats-tls/api.h"
+#include "rats-tls/log.h"
+#include "rats-tls/claim.h"
+#include "internal/core.h"
+#include "internal/crypto_wrapper.h"
+#include "internal/attester.h"
+#include "internal/verifier.h"
+#include "internal/tls_wrapper.h"
+}
+#include
+
+#define FUZZ_IP "127.0.0.1"
+#define FUZZ_PORT 1234
+#define CUSTOM_CLAIMS_SIZE 10
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < sizeof(rats_tls_conf_t) + 10 * sizeof(claim_t) + 50 * 10 + 100) {
+ return 0;
+ }
+
+ rats_tls_conf_t conf; // consume 192 bytes
+ FuzzedDataProvider fuzzed_data(data + sizeof(conf), size - sizeof(conf));
+
+ char attester_types[10][25] = { "nullattester", "", "sgx_la", "csv",
+ "sev", "sev_snp", "tdx_ecdsa", "sgx_ecdsa" };
+ strcpy(attester_types[8], fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data());
+ if (fuzzed_data.remaining_bytes() < 0) {
+ return 0;
+ }
+ for (int i = 0; i < 9; i++) {
+ char verifier_types[10][25] = { "nullverifier", "", "sgx_la",
+ "csv", "sev", "sev_snp",
+ "tdx_ecdsa", "tdx_ecdsa", "sgx_ecdsa_qve" };
+ strcpy(verifier_types[9], fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data());
+ if (fuzzed_data.remaining_bytes() < 0) {
+ return 0;
+ }
+ for (int j = 0; j < 10; j++) {
+ char tls_types[4][25] = { "nulltls", "", "openssl" };
+ strcpy(tls_types[3],
+ fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data());
+ if (fuzzed_data.remaining_bytes() < 0) {
+ return 0;
+ }
+ for (int k = 0; k < 4; k++) {
+ char crypto_types[4][25] = { "nullcrypto", "", "openssl" };
+ strcpy(crypto_types[3],
+ fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data());
+ if (fuzzed_data.remaining_bytes() < 0) {
+ return 0;
+ }
+ for (int l = 0; l < 4; l++) {
+ memcpy(&conf,
+ fuzzed_data.ConsumeBytes(sizeof(conf))
+ .data(),
+ sizeof(conf));
+ conf.log_level = RATS_TLS_LOG_LEVEL_DEFAULT;
+ conf.api_version = 0;
+
+ strcpy(conf.attester_type, attester_types[i]);
+ strcpy(conf.verifier_type, verifier_types[j]);
+ strcpy(conf.tls_type, tls_types[k]);
+ strcpy(conf.crypto_type, crypto_types[l]);
+
+ conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT;
+ conf.flags = fuzzed_data.ConsumeIntegral();
+
+ claim_t custom_claims[CUSTOM_CLAIMS_SIZE];
+ std::vector str_lists;
+ for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
+ std::vector vec_str =
+ fuzzed_data.ConsumeBytesWithTerminator(
+ 50, '\0');
+ std::string str(vec_str.begin(), vec_str.end());
+ str_lists.push_back(str);
+ custom_claims[c].value =
+ (uint8_t *)str_lists[c].c_str();
+ custom_claims[c].value_size =
+ (strlen(str_lists[c].c_str()) + 1) *
+ sizeof(char);
+ if (fuzzed_data.remaining_bytes() <= 0) {
+ for (int p = 0; p < c; p++) {
+ free(custom_claims[p].name);
+ }
+ return 0;
+ }
+
+ custom_claims[c].name = (char *)malloc(15);
+ strcpy(custom_claims[c].name,
+ fuzzed_data.ConsumeBytesAsString(10).c_str());
+ }
+ conf.custom_claims = (claim_t *)custom_claims;
+ conf.custom_claims_length = CUSTOM_CLAIMS_SIZE;
+
+ int sockfd = socket(AF_INET, SOCK_STREAM, 0);
+ if (sockfd < 0) {
+ // free memory
+ for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
+ free(custom_claims[c].name);
+ }
+ continue;
+ }
+
+ struct sockaddr_in s_addr;
+ memset(&s_addr, 0, sizeof(s_addr));
+ s_addr.sin_family = AF_INET;
+ s_addr.sin_port = htons(FUZZ_PORT);
+
+ if (inet_pton(AF_INET, FUZZ_IP, &s_addr.sin_addr) != 1) {
+ // free memory
+ for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
+ free(custom_claims[c].name);
+ }
+ continue;
+ }
+
+ if (connect(sockfd, (struct sockaddr *)&s_addr,
+ sizeof(s_addr)) == -1) {
+ // free memory
+ for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
+ free(custom_claims[c].name);
+ }
+ continue;
+ }
+
+ rats_tls_handle handle;
+ rats_tls_err_t err = rats_tls_init(&conf, &handle);
+ if (err != RATS_TLS_ERR_NONE) {
+ // free memory
+ for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
+ free(custom_claims[c].name);
+ }
+ continue;
+ }
+ rats_tls_negotiate(handle, sockfd);
+
+ // free memory
+ for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
+ free(custom_claims[c].name);
+ }
+ }
+ }
+ }
+ }
+
+ return 0;
+}
\ No newline at end of file
diff --git a/fuzz/tls_transmit/CMakeLists.txt b/fuzz/tls_transmit/CMakeLists.txt
index a2b64956..b52e1ce4 100644
--- a/fuzz/tls_transmit/CMakeLists.txt
+++ b/fuzz/tls_transmit/CMakeLists.txt
@@ -2,16 +2,17 @@ project(fuzz_transmit CXX)
 set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
 set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
-set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g -fPIE ${CMAKE_CXX_FLAGS}")
-
-
+set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g ${CMAKE_CXX_FLAGS}")
+if(NOT SGX)
+ set(CMAKE_CXX_FLAGS "-fPIE ${CMAKE_CXX_FLAGS}")
+endif()
 set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
 ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
 ${RATS_TLS_INSTALL_INCLUDE_PATH}
 )
 set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
-set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+set(RATS_TLS_INSTALL_FUZZ_PATH "/usr/share/rats-tls/fuzz")
 include_directories(${INCLUDE_DIRS})
 link_directories(${LIBRARY_DIRS})
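Review bot: The per-iteration socket and TLS handle are leaked: `sockfd` is never closed on the `inet_pton`/`connect`/`rats_tls_init` failure paths nor after `rats_tls_negotiate(handle, sockfd)`, and `handle` never reaches `rats_tls_cleanup`, so with up to 9×10×4×4 iterations per input the process exhausts file descriptors and later `socket()` calls fail, silently degrading coverage. The `fuzzed_data.remaining_bytes() < 0` checks are dead because `remaining_bytes()` returns `size_t`, and `memcpy(&conf, fuzzed_data.ConsumeBytes(sizeof(conf)).data(), sizeof(conf))` copies `sizeof(conf)` bytes from a vector that is shorter once the provider runs dry — an out-of-bounds read in the harness itself rather than in rats-tls; check `if (fuzzed_data.remaining_bytes() < sizeof(conf)) return 0;` before the copy. `custom_claims[c].value` stores `str_lists[c].c_str()` while the following `push_back` calls may reallocate the vector and move the strings, which invalidates the pointer for short strings kept in the string object's inline buffer; `str_lists.reserve(CUSTOM_CLAIMS_SIZE)` before the loop avoids that. The descriptor/handle leak is fixed by closing and cleaning up at each exit point, sketched below for the tail of the loop body; the three earlier `continue` paths after `socket()` succeeds need the same `close(sockfd)`.

```cpp
// … unchanged: socket(), inet_pton(), connect() error paths — each also close(sockfd) before continue …
rats_tls_handle handle;
rats_tls_err_t err = rats_tls_init(&conf, &handle);
if (err == RATS_TLS_ERR_NONE) {
	rats_tls_negotiate(handle, sockfd);
	rats_tls_cleanup(handle);
}
close(sockfd);

// free memory
for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) {
	free(custom_claims[c].name);
}
```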