From cf1d777f176f8549f33a1c50d978f67b1b0bff40 Mon Sep 17 00:00:00 2001 From: Pengyu Chen Date: Sat, 11 Nov 2023 15:55:42 +0800 Subject: [PATCH] temporary storage, it wouldbe delete when finished --- fuzz/sgx-stub-enclave/sgx_stub_ecall.c | 333 +++++++++++++++++++++---- fuzz/tls_sgx_mode/fuzz_sgx_mode.cc | 9 +- 2 files changed, 283 insertions(+), 59 deletions(-) diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.c b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c index b6f657d..c1ca2c6 100644 --- a/fuzz/sgx-stub-enclave/sgx_stub_ecall.c +++ b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c @@ -18,7 +18,7 @@ int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, { rats_tls_conf_t conf; memset(&conf, 0, sizeof(rats_tls_conf_t)); - + snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type); snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type); snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type); 
@@ -26,74 +26,149 @@ int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, conf.flags = flags; conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT; - RTLS_INFO("Enter the client \n"); - - claim_t custom_claims[2] = { - { .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") }, - { .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") }, - }; - conf.custom_claims = (claim_t *)custom_claims; - conf.custom_claims_length = 2; - - /* Create a socket that uses an internet IPv4 address, - * Sets the socket to be stream based (TCP), - * 0 means choose the default protocol. - */ - + //claim_t custom_claims[2] = { + //{ .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") }, + //{ .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") }, + //}; + //conf.custom_claims = (claim_t *)custom_claims; + //conf.custom_claims_length = 2; + + ///* Create a socket that uses an internet IPv4 address, + //* Sets the socket to be stream based (TCP), + //* 0 means choose the default protocol. 
+ //*/ + + //int64_t sockfd; + //int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); + //if (sgx_status != SGX_SUCCESS || sockfd < 0) { + //// RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + //return -1; + //} + + //struct rtls_sockaddr_in s_addr; + //memset(&s_addr, 0, sizeof(s_addr)); + //s_addr.sin_family = RTLS_AF_INET; + //s_addr.sin_addr.s_addr = s_ip; + //s_addr.sin_port = s_port; + + ///* Connect to the server */ + //int ocall_ret = 0; + //sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); + //if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + //RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret); + //ocall_close(&ocall_ret,sockfd); + //return -1; + //} + + ///* rats-tls init */ + //librats_tls_init(); + //rats_tls_handle handle; + //rats_tls_err_t ret = rats_tls_init(&conf, &handle); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + //ocall_close(&ocall_ret,sockfd); + //return -1; + //} + //RTLS_ERR("start to negotiate\n"); + + //ret = rats_tls_negotiate(handle, (int)sockfd); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to negotiate %#x\n", ret); + //ocall_close(&ocall_ret,sockfd); + //return -1; + //} + + //const char *msg = "Hello and welcome to RATS-TLS!\n"; + //size_t len = strlen(msg); + //RTLS_INFO("Start to transmit \n"); + //ret = rats_tls_transmit(handle, (void *)msg, &len); + //if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) { + //RTLS_ERR("Failed to transmit %#x\n", ret); + //ocall_close(&ocall_ret,sockfd); + //goto err; + //} + + //ret = rats_tls_cleanup(handle); + //ocall_close(&ocall_ret,sockfd); + //if (ret != RATS_TLS_ERR_NONE) + //RTLS_ERR("Failed to cleanup %#x\n", ret); + + //return 0; + +//err: + //rats_tls_cleanup(handle); + //return -1; int64_t sockfd; int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); if (sgx_status != SGX_SUCCESS || sockfd < 0) { - // 
RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); return -1; } - struct rtls_sockaddr_in s_addr; memset(&s_addr, 0, sizeof(s_addr)); s_addr.sin_family = RTLS_AF_INET; s_addr.sin_addr.s_addr = s_ip; s_addr.sin_port = s_port; + /* Connect to the server */ int ocall_ret = 0; sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { - // RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret); + RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret); return -1; } + RTLS_ERR("Enclave Mark3\n"); - // RTLS_INFO("Enter the init \n"); /* rats-tls init */ librats_tls_init(); rats_tls_handle handle; + RTLS_ERR("Enclave Mark4\n"); rats_tls_err_t ret = rats_tls_init(&conf, &handle); if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + RTLS_ERR("Failed to initialize rats tls %#x\n", ret); return -1; } - // RTLS_INFO("start to negotiate\n"); - + RTLS_ERR("Enclave Mark5\n"); ret = rats_tls_negotiate(handle, (int)sockfd); if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to negotiate %#x\n", ret); - return -1; - } - - const char *msg = "Hello and welcome to RATS-TLS!\n"; - size_t len = strlen(msg); - // RTLS_INFO("Enter the transmit \n"); - ret = rats_tls_transmit(handle, (void *)msg, &len); - if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) { - // RTLS_ERR("Failed to transmit %#x\n", ret); + RTLS_ERR("Failed to negotiate %#x\n", ret); goto err; } - - ret = rats_tls_cleanup(handle); - if (ret != RATS_TLS_ERR_NONE) - // RTLS_ERR("Failed to cleanup %#x\n", ret); - - return 0; + RTLS_ERR("----Finish to nego\n"); + + const char *msg; + msg = "Hello and welcome to RATS-TLS!\n"; + + //size_t len = strlen(msg); + //ret = rats_tls_transmit(handle, (void *)msg, &len); + //if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) { + //RTLS_ERR("Failed to transmit %#x\n", 
ret); + //goto err; + //} + + //char buf[256]; + //len = sizeof(buf); + //ret = rats_tls_receive(handle, buf, &len); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to receive %#x\n", ret); + //goto err; + //} + + //if (len >= sizeof(buf)) + //len = sizeof(buf) - 1; + //buf[len] = '\0'; + + //RTLS_INFO("Server: %s\n", buf); + + // ret = rats_tls_cleanup(handle); + // if (ret != RATS_TLS_ERR_NONE) + // RTLS_ERR("Failed to cleanup %#x\n", ret); + rats_tls_cleanup(handle); + return ret; err: + /* Ignore the error code of cleanup in order to return the prepositional error */ rats_tls_cleanup(handle); return -1; } 
@@ -121,14 +196,134 @@ int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, ch conf.custom_claims = (claim_t *)custom_claims; conf.custom_claims_length = 2; + //int64_t sockfd; + //int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); + //if (sgx_status != SGX_SUCCESS || sockfd < 0) { + //RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + //return -1; + //} + + //int ocall_ret = 0; + + //struct rtls_sockaddr_in s_addr; + //memset(&s_addr, 0, sizeof(s_addr)); + //s_addr.sin_family = RTLS_AF_INET; + //s_addr.sin_addr.s_addr = s_ip; + //s_addr.sin_port = s_port; + + ///* Bind the server socket */ + //sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); + //if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + //RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret); + //return -1; + //} + + ///* Listen for a new connection, allow 5 pending connections */ + //sgx_status = ocall_listen(&ocall_ret, sockfd, 5); + //if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + //RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret); + //return -1; + //} + + //librats_tls_init(); + //rats_tls_handle handle; + //rats_tls_err_t ret = rats_tls_init(&conf, &handle); + //if (ret != RATS_TLS_ERR_NONE) { + //// RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + //return -1; + //} + + //struct rtls_sockaddr_in c_addr; + //uint32_t addrlen_in = sizeof(c_addr); + //uint32_t addrlen_out; + //while (1) { + //// RTLS_INFO("Waiting for a connection ...\n"); + + //int64_t connd; + //sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out); + //if (sgx_status != SGX_SUCCESS || connd < 0) { + //RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd); + //return -1; + //} + //// RTLS_INFO("Before negotiate ! 
\n"); + //ret = rats_tls_negotiate(handle, connd); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to negotiate %#x\n", ret); + //goto err; + //} + + //// char buf[256]; + //// size_t len = sizeof(buf); + //// ret = rats_tls_receive(handle, buf, &len); + //// if (ret != RATS_TLS_ERR_NONE) { + //// RTLS_ERR("Failed to receive %#x\n", ret); + //// goto err; + //// } + + //// if (len >= sizeof(buf)) + //// len = sizeof(buf) - 1; + //// buf[len] = '\0'; + + //// RTLS_INFO("Client : %s\n",buf); + + + //ocall_close(&ocall_ret, connd); + //} + + //return 0; +//err: + ///* Ignore the error code of cleanup in order to return the prepositional error */ + //rats_tls_cleanup(handle); + //return -1; + int64_t sockfd; int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); if (sgx_status != SGX_SUCCESS || sockfd < 0) { - // RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); return -1; } + int reuse = 1; int ocall_ret = 0; + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_REUSEADDR, + (const void *)&reuse, sizeof(int)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + /* Set keepalive options */ + int flag = 1; + int tcp_keepalive_time = 30; + int tcp_keepalive_intvl = 10; + int tcp_keepalive_probes = 5; + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_KEEPALIVE, &flag, + sizeof(flag)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPIDLE, + &tcp_keepalive_time, sizeof(tcp_keepalive_time)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + sgx_status 
= ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPINTVL, + &tcp_keepalive_intvl, sizeof(tcp_keepalive_intvl)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPCNT, + &tcp_keepalive_probes, sizeof(tcp_keepalive_probes)); + if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + return -1; + } struct rtls_sockaddr_in s_addr; memset(&s_addr, 0, sizeof(s_addr)); 
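Review bot: Each of the five new setsockopt() failure branches does `return -1` with `sockfd` still open, so a rejected option (for instance a platform where the `RTLS_TCP_KEEP*` options are unavailable) leaks the listening socket on every call; ecall_server_startup continues past the end of this hunk. Replace those returns with `goto err_sock;` and add at the end of the function `err_sock: ocall_close(&ocall_ret, sockfd); return -1;` so the descriptor is released on every early exit. The keepalive values (30/10/5) are repeated magic numbers; a comment such as `/* idle 30s, then 5 probes 10s apart before the peer is declared dead */` would record why they were chosen. The result check `ocall_ret < 0` also differs from the `== -1` test used for bind()/listen() below; picking one form for all ocall results would make the error handling easier to audit.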
@@ -139,52 +334,80 @@ int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, ch /* Bind the server socket */ sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { - // RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret); + RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret); return -1; } /* Listen for a new connection, allow 5 pending connections */ sgx_status = ocall_listen(&ocall_ret, sockfd, 5); if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { - // RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret); + RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret); return -1; } + /* rats-tls init */ librats_tls_init(); rats_tls_handle handle; rats_tls_err_t ret = rats_tls_init(&conf, &handle); if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + RTLS_ERR("Failed to initialize rats tls %#x\n", ret); return -1; } + // ret = rats_tls_set_verification_callback(&handle, NULL); + // if (ret != RATS_TLS_ERR_NONE) { + // RTLS_ERR("Failed to set verification callback %#x\n", ret); + // return -1; + // } + + /* Accept client connections */ struct rtls_sockaddr_in c_addr; uint32_t addrlen_in = sizeof(c_addr); uint32_t addrlen_out; while (1) { - // RTLS_INFO("Waiting for a connection ...\n"); + RTLS_INFO("Waiting for a connection ...\n"); int64_t connd; sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out); if (sgx_status != SGX_SUCCESS || connd < 0) { - // RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd); + RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd); return -1; } + // RTLS_INFO("Accept successful, the connd and sockfd is %d %d\n",connd,sockfd); - ret = rats_tls_negotiate(handle, connd); - if (ret != RATS_TLS_ERR_NONE) { - // RTLS_ERR("Failed to negotiate %#x\n", ret); - goto err; - } + //ret = rats_tls_negotiate(handle, connd); + 
//if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to negotiate %#x\n", ret); + //goto err; + //} + + //RTLS_DEBUG("Client connected successfully\n"); + + //char buf[256]; + //size_t len = sizeof(buf); + //ret = rats_tls_receive(handle, buf, &len); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to receive %#x\n", ret); + //goto err; + //} - // RTLS_INFO("Client connected successfully\n"); + //if (len >= sizeof(buf)) + //len = sizeof(buf) - 1; + //buf[len] = '\0'; + + //RTLS_INFO("Client: %s\n", buf); + + ///* Reply back to the client */ + //ret = rats_tls_transmit(handle, buf, &len); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to transmit %#x\n", ret); + //goto err; + //} ocall_close(&ocall_ret, connd); } return 0; -err: - /* Ignore the error code of cleanup in order to return the prepositional error */ - rats_tls_cleanup(handle); - return -1; -} + + +} \ No newline at end of file diff --git a/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc index 956cc7d..2027b99 100644 --- a/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc +++ b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc @@ -96,11 +96,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) strcpy(tls_type, "openssl"); strcpy(crypto_type, "openssl"); - unsigned long flags = fuzzed_data.ConsumeIntegral(); - flags |= RATS_TLS_CONF_FLAGS_MUTUAL; + // unsigned long flags = fuzzed_data.ConsumeIntegral(); + unsigned long flags = 0; + flags |= RATS_TLS_CONF_FLAGS_MUTUAL ; int ret = 0; - rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO; - + rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_DEBUG; + int sgx_status = ecall_client_startup( (sgx_enclave_id_t)enclave_id, &ret, log_level, fuzz_conf_bytes, attester_type, verifier_type,
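Review bot: With `rats_tls_negotiate` commented out, the accept loop now closes every connection without a handshake, so nothing in this server exercises the TLS or attestation path and the `handle` returned by `rats_tls_init` is never used; if that is deliberate for this work-in-progress the loop should say so in a comment, otherwise the call should come back. Separately, deleting the `err:` label removed the only `rats_tls_cleanup(handle)` in the function, so the `return -1` on accept() failure leaks the handle and the listening `sockfd` is never closed on any path. The sketch below keeps the negotiate call and restores a single exit that releases both; the file also now ends without a trailing newline.

```c
		sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out);
		if (sgx_status != SGX_SUCCESS || connd < 0) {
			RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd);
			goto err;
		}

		ret = rats_tls_negotiate(handle, connd);
		if (ret != RATS_TLS_ERR_NONE) {
			RTLS_ERR("Failed to negotiate %#x\n", ret);
			ocall_close(&ocall_ret, connd);
			goto err;
		}

		ocall_close(&ocall_ret, connd);
	}

	return 0;
err:
	/* Ignore the error code of cleanup in order to return the prepositional error */
	rats_tls_cleanup(handle);
	ocall_close(&ocall_ret, sockfd);
	return -1;
}
```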