| /* Copyright 2021 Google LLC |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| http://www.apache.org/licenses/LICENSE-2.0 |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| |
| #include "config.h" |
| #include "syshead.h" |
| |
| #include <openssl/x509.h> |
| #include <openssl/x509v3.h> |
| #include <openssl/ssl.h> |
| #include <openssl/err.h> |
| |
| #include "fuzz_verify_cert.h" |
| #include "misc.h" |
| #include "manage.h" |
| #include "otime.h" |
| #include "base64.h" |
| #include "ssl_verify.h" |
| #include "ssl_verify_backend.h" |
| |
| #include "fuzz_randomizer.h" |
| |
| static void key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, |
| size_t key_len) { |
| const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); |
| |
| /* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */ |
| if (cipher_kt_mode_aead(cipher_kt)) { |
| size_t impl_iv_len = 0; |
| ASSERT(cipher_kt_iv_size(cipher_kt) >= OPENVPN_AEAD_MIN_IV_LEN); |
| impl_iv_len = cipher_kt_iv_size(cipher_kt) - sizeof(packet_id_type); |
| ASSERT(impl_iv_len <= OPENVPN_MAX_IV_LENGTH); |
| ASSERT(impl_iv_len <= key_len); |
| memcpy(ctx->implicit_iv, key, impl_iv_len); |
| ctx->implicit_iv_len = impl_iv_len; |
| } |
| } |
| |
| static int init_frame(struct frame *frame) { |
| frame->link_mtu = fuzz_randomizer_get_int(100, 1000); |
| frame->extra_buffer = fuzz_randomizer_get_int(100, 1000); |
| frame->link_mtu_dynamic = fuzz_randomizer_get_int(100, 1000); |
| frame->extra_frame = fuzz_randomizer_get_int(100, 1000); |
| frame->extra_tun = fuzz_randomizer_get_int(100, 1000); |
| frame->extra_link = fuzz_randomizer_get_int(100, 1000); |
| frame->align_flags = 0; |
| frame->align_adjust = 0; |
| if (TUN_MTU_SIZE(frame) <= 0) { |
| return -1; |
| } |
| return 0; |
| } |
| |
| int LLVMFuzzerInitialize(int *argc, char ***argv) { |
| OPENSSL_malloc_init(); |
| SSL_library_init(); |
| ERR_load_crypto_strings(); |
| |
| OpenSSL_add_all_algorithms(); |
| OpenSSL_add_ssl_algorithms(); |
| |
| SSL_load_error_strings(); |
| return 0; |
| } |
| |
| int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
| fuzz_random_init(data, size); |
| fuzz_success = 1; |
| bool key_ctx_dec_initialized = false; |
| bool key_ctx_enc_initialized = false; |
| struct key_ctx key_ctx_dec; |
| memset(&key_ctx_dec, 0, sizeof(struct key_ctx)); |
| struct key_ctx key_ctx_enc; |
| memset(&key_ctx_enc, 0, sizeof(struct key_ctx)); |
| |
| struct gc_arena gc; |
| struct tls_session *session = NULL; |
| X509 *x509 = NULL; |
| gc = gc_new(); |
| |
| gb_init(); |
| |
| // Read key file |
| struct key2 key2; |
| char *keydata = gb_get_random_string(); |
| read_key_file(&key2, keydata, RKF_INLINE); |
| |
| // init key type |
| struct key_type kt; |
| memset(&kt, 0, sizeof(struct key_type)); |
| |
| char *ciphername = gb_get_random_string(); |
| char *authname = gb_get_random_string(); |
| bool key_type_initialized = false; |
| |
| if (strcmp(ciphername, "AES-256-GCM") == 0 || |
| strcmp(ciphername, "AES-128-GCM") == 0 || |
| strcmp(ciphername, "AES-192-GCM") == 0 || |
| strcmp(ciphername, "CAMELLIA-128-CFB128") == 0) { |
| |
| int v = fuzz_randomizer_get_int(0, 1); |
| if (v == 0) { |
| init_key_type(&kt, ciphername, authname, true, 0); |
| } else { |
| init_key_type(&kt, ciphername, authname, false, 0); |
| } |
| key_type_initialized = true; |
| } |
| |
| if (fuzz_success == 0) { |
| goto cleanup; |
| } |
| |
| // Generate key. |
| // Identify which one we should do, read or generate a random key. |
| int c = fuzz_randomizer_get_int(0, 1); |
| const uint8_t d[1024]; |
| int key_read = 0; |
| struct key key; |
| if (c == 0) { |
| if (fuzz_get_random_data(d, 1024) != 1024) { |
| struct buffer buf = alloc_buf(1024); |
| buf_write(&buf, d, 1024); |
| if (read_key(&key, &kt, &buf) == 1) { |
| key_read = 1; |
| } |
| free_buf(&buf); |
| } |
| } |
| else { |
| if (key_type_initialized == true) { |
| generate_key_random(&key, &kt); |
| } |
| } |
| |
| if (fuzz_success == 0) { |
| goto cleanup; |
| } |
| key_read = 1; |
| |
| // init decryption context |
| if (key_type_initialized && key_read) { |
| init_key_ctx(&key_ctx_dec, &key, &kt, OPENVPN_OP_DECRYPT, "x"); |
| key_ctx_update_implicit_iv(&key_ctx_dec, &(key.hmac), MAX_HMAC_KEY_LENGTH); |
| key_ctx_dec_initialized = true; |
| } |
| |
| // init encryption context |
| if (key_type_initialized && key_read) { |
| init_key_ctx(&key_ctx_enc, &key, &kt, OPENVPN_OP_DECRYPT, "x"); |
| key_ctx_update_implicit_iv(&key_ctx_enc, &(key.hmac), MAX_HMAC_KEY_LENGTH); |
| key_ctx_enc_initialized = true; |
| } |
| |
| // perform encryption |
| struct frame frame; |
| memset(&frame, 0, sizeof(struct frame)); |
| if (key_ctx_enc_initialized == true && key_ctx_dec_initialized == true && |
| init_frame(&frame) == 0) { |
| struct crypto_options opt; |
| memset(&opt, 0, sizeof(opt)); |
| opt.pid_persist = NULL; |
| opt.key_ctx_bi.encrypt = key_ctx_enc; |
| opt.key_ctx_bi.decrypt = key_ctx_dec; |
| opt.key_ctx_bi.initialized = true; |
| opt.packet_id.rec.initialized = true; |
| opt.packet_id.rec.seq_list = NULL; |
| opt.packet_id.rec.name = NULL; |
| |
| void *buf_p; |
| |
| struct buffer encrypt_workspace = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); |
| struct buffer work = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); |
| struct buffer src = alloc_buf_gc(TUN_MTU_SIZE(&(frame)), &gc); |
| struct buffer buf = clear_buf(); |
| |
| int x = fuzz_randomizer_get_int(1, TUN_MTU_SIZE(&frame)); |
| |
| ASSERT(buf_init(&work, FRAME_HEADROOM(&(frame)))); |
| ASSERT(buf_init(&src, 0)); |
| src.len = x; |
| ASSERT(rand_bytes(BPTR(&src), BLEN(&src))); |
| |
| buf = work; |
| buf_p = buf_write_alloc(&buf, BLEN(&src)); |
| ASSERT(buf_p); |
| memcpy(buf_p, BPTR(&src), BLEN(&src)); |
| |
| ASSERT(buf_init(&encrypt_workspace, FRAME_HEADROOM(&(frame)))); |
| |
| openvpn_encrypt(&buf, encrypt_workspace, &opt); |
| } |
| |
| // perform decryption |
| memset(&frame, 0, sizeof(struct frame)); |
| if (key_ctx_dec_initialized == true && key_ctx_enc_initialized == true && |
| init_frame(&frame) == 0) { |
| struct crypto_options opt; |
| memset(&opt, 0, sizeof(opt)); |
| opt.pid_persist = NULL; |
| opt.key_ctx_bi.encrypt = key_ctx_enc; |
| opt.key_ctx_bi.decrypt = key_ctx_dec; |
| opt.key_ctx_bi.initialized = true; |
| opt.packet_id.rec.initialized = true; |
| opt.packet_id.rec.seq_list = NULL; |
| opt.packet_id.rec.name = NULL; |
| |
| void *buf_p; |
| |
| struct buffer decrypt_workspace = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); |
| struct buffer work = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); |
| struct buffer src = alloc_buf_gc(TUN_MTU_SIZE(&(frame)), &gc); |
| struct buffer buf = clear_buf(); |
| |
| int x = fuzz_randomizer_get_int(1, TUN_MTU_SIZE(&frame)); |
| |
| ASSERT(buf_init(&work, FRAME_HEADROOM(&(frame)))); |
| ASSERT(buf_init(&src, 0)); |
| src.len = x; |
| ASSERT(rand_bytes(BPTR(&src), BLEN(&src))); |
| |
| buf = work; |
| buf_p = buf_write_alloc(&buf, BLEN(&src)); |
| ASSERT(buf_p); |
| memcpy(buf_p, BPTR(&src), BLEN(&src)); |
| |
| ASSERT(buf_init(&decrypt_workspace, FRAME_HEADROOM(&(frame)))); |
| |
| openvpn_decrypt(&buf, decrypt_workspace, &opt, &frame, BPTR(&buf)); |
| } |
| |
| cleanup: |
| // cleanup |
| gc_free(&gc); |
| |
| if (key_ctx_dec_initialized == true) { |
| free_key_ctx(&key_ctx_dec); |
| } |
| |
| if (key_ctx_enc_initialized == true) { |
| free_key_ctx(&key_ctx_enc); |
| } |
| fuzz_random_destroy(); |
| |
| gb_cleanup(); |
| |
| return 0; |
| } |
