Google Git
Sign in
gn / gn / ea3dc4260d7ce9eb58f285adf531801722df70c2 / . / testing / libfuzzer / fuzzers / libsrtp_fuzzer.cc
blob: 7170b258cf1e04ba0b3f4ac788b186944667486f [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <algorithm>
#include <vector>
#include "third_party/libsrtp/include/srtp.h"
#include "third_party/libsrtp/include/srtp_priv.h"
#include "third_party/libsrtp/test/rtp.h"
// TODO(katrielc) Also test the authenticated path, which is what
// WebRTC uses. This is nontrivial because you need to bypass the MAC
// check. Two options: add a UNSAFE_FUZZER_MODE flag to libsrtp (or
// the chromium fork of it), or compute the HMAC of whatever gibberish
// the fuzzer produces and write it into the packet manually.
namespace LibSrtpFuzzer {
enum CryptoPolicy {
NONE,
LIKE_WEBRTC,
LIKE_WEBRTC_SHORT_AUTH,
LIKE_WEBRTC_WITHOUT_AUTH,
AES_128_GCM,
AES_256_GCM,
NUMBER_OF_POLICIES,
};
}
static size_t GetKeyLength(LibSrtpFuzzer::CryptoPolicy crypto_policy) {
switch (crypto_policy) {
case LibSrtpFuzzer::NUMBER_OF_POLICIES:
case LibSrtpFuzzer::NONE:
return 0;
case LibSrtpFuzzer::LIKE_WEBRTC:
case LibSrtpFuzzer::LIKE_WEBRTC_SHORT_AUTH:
case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
return SRTP_AES_ICM_128_KEY_LEN_WSALT;
case LibSrtpFuzzer::AES_128_GCM:
return SRTP_AES_GCM_128_KEY_LEN_WSALT;
case LibSrtpFuzzer::AES_256_GCM:
return SRTP_AES_GCM_256_KEY_LEN_WSALT;
}
}
struct Environment {
srtp_policy_t GetCryptoPolicy(LibSrtpFuzzer::CryptoPolicy crypto_policy,
const unsigned char* replacement_key,
size_t key_length) {
switch (crypto_policy) {
case LibSrtpFuzzer::NUMBER_OF_POLICIES:
case LibSrtpFuzzer::NONE:
srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtp);
srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtcp);
break;
case LibSrtpFuzzer::LIKE_WEBRTC:
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
case LibSrtpFuzzer::LIKE_WEBRTC_SHORT_AUTH:
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtcp);
break;
case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtcp);
break;
case LibSrtpFuzzer::AES_128_GCM:
// There was a security bug in the GCM mode in libsrtp 1.5.2.
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
break;
case LibSrtpFuzzer::AES_256_GCM:
// WebRTC uses AES-256-GCM by default if GCM ciphers are enabled.
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
break;
}
assert(static_cast<size_t>(policy.rtp.cipher_key_len) == key_length);
assert(static_cast<size_t>(policy.rtcp.cipher_key_len) == key_length);
memcpy(key, replacement_key, key_length);
return policy;
};
Environment() {
srtp_init();
memset(&policy, 0, sizeof(policy));
policy.allow_repeat_tx = 1;
policy.ekt = nullptr;
policy.key = key;
policy.next = nullptr;
policy.ssrc.type = ssrc_any_inbound;
policy.ssrc.value = 0xdeadbeef;
policy.window_size = 1024;
}
private:
srtp_policy_t policy;
unsigned char key[SRTP_MAX_KEY_LEN] = {0};
static void srtp_crypto_policy_set_null_cipher_null_auth(
srtp_crypto_policy_t* p) {
p->cipher_type = SRTP_NULL_CIPHER;
p->cipher_key_len = 0;
p->auth_type = SRTP_NULL_AUTH;
p->auth_key_len = 0;
p->auth_tag_len = 0;
p->sec_serv = sec_serv_none;
};
};
size_t ReadLength(const uint8_t* data, size_t size) {
// Read one byte of input and interpret it as a length to read from
// data. Don't return more bytes than are available.
size_t n = static_cast<size_t>(data[0]);
return std::min(n, size - 1);
}
Environment* env = new Environment();
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
// Read one byte and use it to choose a crypto policy.
if (size <= 2 + SRTP_MAX_KEY_LEN)
return 0;
LibSrtpFuzzer::CryptoPolicy policy = static_cast<LibSrtpFuzzer::CryptoPolicy>(
data[0] % LibSrtpFuzzer::NUMBER_OF_POLICIES);
data += 1;
size -= 1;
// Read some more bytes to use as a key.
size_t key_length = GetKeyLength(policy);
srtp_policy_t srtp_policy = env->GetCryptoPolicy(policy, data, key_length);
data += SRTP_MAX_KEY_LEN;
size -= SRTP_MAX_KEY_LEN;
// Read one byte and use as number of encrypted header extensions.
uint8_t num_encrypted_headers = data[0];
data += 1;
size -= 1;
if (num_encrypted_headers > 0) {
// Use next bytes as extension ids.
if (size <= num_encrypted_headers)
return 0;
srtp_policy.enc_xtn_hdr_count = static_cast<int>(num_encrypted_headers);
srtp_policy.enc_xtn_hdr =
static_cast<int*>(malloc(srtp_policy.enc_xtn_hdr_count * sizeof(int)));
assert(srtp_policy.enc_xtn_hdr);
for (int i = 0; i < srtp_policy.enc_xtn_hdr_count; ++i) {
srtp_policy.enc_xtn_hdr[i] = static_cast<int>(data[i]);
}
data += srtp_policy.enc_xtn_hdr_count;
size -= srtp_policy.enc_xtn_hdr_count;
}
srtp_t session;
srtp_err_status_t error = srtp_create(&session, &srtp_policy);
free(srtp_policy.enc_xtn_hdr);
if (error != srtp_err_status_ok) {
assert(false);
return 0;
}
// Read one byte as a packet length N, then feed the next N bytes
// into srtp_unprotect. Keep going until we run out of data.
size_t packet_size;
while (size > 0 && (packet_size = ReadLength(data, size)) > 0) {
// One byte was used by ReadLength.
data++;
size--;
size_t header_size = std::min(sizeof(srtp_hdr_t), packet_size);
size_t body_size = packet_size - header_size;
// We deliberately do not initialise this struct. MSAN will catch
// usage of the uninitialised memory.
rtp_msg_t message;
memcpy(&message.header, data, header_size);
memcpy(&message.body, data + header_size, body_size);
int out_len = static_cast<int>(packet_size);
srtp_unprotect(session, &message, &out_len);
// |packet_size| bytes were used above.
data += packet_size;
size -= packet_size;
}
srtp_dealloc(session);
return 0;
}