fuzz/*: fuzz rats-tls APIs in SGX mode

use libfuzzer to fuzz rats-tls API `rats_tls_init()`, `rats_tls_negotiate()`, `rats_tls_transmit()`, `rats_tls_receive()`, `rats_tls_cleanup()` in sgx mode. Signed-off-by: Pengyu Chen <[email protected]>
inclavare-containers · Oct 30, 2023 · 1f27728 · 1f27728
1 parent 190181b
commit 1f27728
Show file tree

Hide file tree

Showing 19 changed files with 863 additions and 33 deletions.
diff --git a/cmake/CompilerOptions.cmake b/cmake/CompilerOptions.cmake
@@ -1,5 +1,5 @@
 # Normal and occlum mode
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
+# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
 set(RATS_TLS_LDFLAGS "-fPIC -Bsymbolic -ldl")
 
 if(OCCLUM)
@@ -12,6 +12,16 @@ else()
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2")
 endif()
 
+if((BUILD_FUZZ) AND (SGX))
+    set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes  -Wno-implicit-function-declaration")
+    set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC -Werror=implicit-function-declaration")
+elseif()
+    set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
+    set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
+endif()
+
 # SGX mode
 if(SGX)
     if(SGX_HW)
@@ -56,8 +66,8 @@ if(SGX)
         set(ENCLAVE_COMMON_FLAGS "${ENCLAVE_COMMON_FLAGS} -fstack-protector-strong")
     endif()
 
-    set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
-    set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
+    # set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
+    # set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
 
     set(ENCLAVE_INCLUDES "${SGX_INCLUDE}" "${SGX_TLIBC_INCLUDE}" "${SGX_LIBCXX_INCLUDE}" "/usr/include")
     set(ENCLAVE_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${ENCLAVE_COMMON_FLAGS}")
@@ -67,3 +77,4 @@ if(SGX)
     set(APP_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${APP_COMMON_FLAGS}")
     set(APP_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_COMMON_CXXFLAGS} ${APP_COMMON_FLAGS}")
 endif()
+
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -1,4 +1,9 @@
-add_subdirectory(tls_init)
-add_subdirectory(tls_negotiate)
+if(SGX)
+    add_subdirectory(tls_sgx_mode)
+    add_subdirectory(sgx-stub-enclave)
+else()
+    add_subdirectory(tls_init)
+    add_subdirectory(tls_negotiate)
+    add_subdirectory(tls_transmit)
+endif()
 add_subdirectory(tls_server)
-add_subdirectory(tls_transmit)
diff --git a/fuzz/README.md b/fuzz/README.md
@@ -27,6 +27,20 @@ cmake -DRATS_TLS_BUILD_MODE="host" -DBUILD_SAMPLES=on -DBUILD_FUZZ=on -H. -Bbuil
 make -C build install
 ```
 
+For `SGX` mode, the command is little different.
+
+```shell
+cmake -DRATS_TLS_BUILD_MODE="sgx" -DBUILD_SAMPLES=off  -DBUILD_FUZZ=on -H. -Bbuild 
+make -C build install
+```
+
+Attention! If you run fuzz host program before, you should clean the environment and vice versa. 
+
+```bash
+make -C build clean # clean the environment
+rm -rf build
+```
+
 # FUZZ
 
 ## rats_tls_init API
@@ -65,4 +79,17 @@ base64 /dev/urandom | head -c 1500000 > c1
 cd ..
 ./fuzz_server &
 ./fuzz_transmit -max_len=1500000 -len_control=0  corpus # len_control=0 means try genarating input with size up to max_len 
+```
+
+# FUZZ in SGX mode
+
+We integrate the fuzz program for these apis into one program `fuzz_sgx_mode`, start the `fuzz_server` first, and then run `fuzz_sgx_mode` to start fuzz.
+
+```shell
+cd /usr/share/rats_tls/fuzz/
+mkdir corpus && cd corpus  # create corpus dir and fill in random string
+base64 /dev/urandom | head -c 1500000 > c1
+cd ..
+./fuzz_server &
+./fuzz_sgx_mode -max_len=1500000 -len_control=0  corpus 
 ```
diff --git a/fuzz/sgx-stub-enclave/CMakeLists.txt b/fuzz/sgx-stub-enclave/CMakeLists.txt
@@ -0,0 +1,83 @@
+# Project name
+project(sgx-stub-enclave CXX)
+
+set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
+set(CMAKE_CXX_FLAGS "-g ${CMAKE_CXX_FLAGS}")
+set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+
+if((BUILD_SAMPLES) OR (BUILD_FUZZ))
+    set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/include
+                     )
+
+    set(LIBRARY_DIRS ${INTEL_SGXSSL_LIB_PATH}
+                     ${LIBCBOR_LIB_PATH}
+                     ${CMAKE_BINARY_DIR}/src
+                     ${CMAKE_BINARY_DIR}/src/crypto_wrappers/nullcrypto
+                     ${CMAKE_BINARY_DIR}/src/crypto_wrappers/openssl
+                     ${CMAKE_BINARY_DIR}/src/tls_wrappers/nulltls
+                     ${CMAKE_BINARY_DIR}/src/tls_wrappers/openssl
+                     ${CMAKE_BINARY_DIR}/src/verifiers/nullverifier
+                     ${CMAKE_BINARY_DIR}/src/verifiers/sgx-ecdsa-qve
+                     ${CMAKE_BINARY_DIR}/src/verifiers/tdx-ecdsa
+                     ${CMAKE_BINARY_DIR}/src/verifiers/sgx-la
+                     ${CMAKE_BINARY_DIR}/src/attesters/nullattester
+                     ${CMAKE_BINARY_DIR}/src/attesters/sgx-ecdsa
+                     ${CMAKE_BINARY_DIR}/src/attesters/sgx-la
+                     )
+
+    set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}
+                         ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+                         )
+else()
+    list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+    include(CustomInstallDirs)
+    include(FindRatsTls)
+    if(NOT RATS_TLS_FOUND)
+        message(FATAL_ERROR "Failed to find rats_tls!")
+    endif()
+    include(FindSGX)
+    if(NOT SGX_FOUND)
+        message(FATAL_ERROR "Failed to find sgx!")
+    endif()
+    include(CompilerOptions)
+    include(SGXCommon)
+
+    set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+                     ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
+
+    set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+
+    set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
+endif()
+
+include_directories(${INCLUDE_DIRS})
+link_directories(${LIBRARY_DIRS})
+
+set(E_SRCS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_ecall.c)
+set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub.edl)
+set(LDS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_enclave.lds)
+set(DEPEND_TRUSTED_LIBS crypto_wrapper_nullcrypto
+                        crypto_wrapper_openssl
+                        tls_wrapper_nulltls
+                        tls_wrapper_openssl
+                        attester_nullattester
+                        attester_sgx_ecdsa
+                        attester_sgx_la
+                        verifier_nullverifier
+                        verifier_sgx_la
+                        verifier_sgx_ecdsa_qve
+                        verifier_tdx_ecdsa
+                        rats_tls
+                        cbor
+                        )
+
+add_enclave_library(sgx_stub_enclave SRCS ${E_SRCS} EDL ${EDLS} TRUSTED_LIBS ${DEPEND_TRUSTED_LIBS} EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS} LDSCRIPT ${LDS})
+enclave_sign(sgx_stub_enclave KEY sgx_stub_enclave.pem CONFIG sgx_stub_enclave.xml) 
+add_dependencies(sgx_stub_enclave rats_tls)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/sgx_stub_enclave.signed.so
+        DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH})
diff --git a/fuzz/sgx-stub-enclave/sgx_stub.edl b/fuzz/sgx-stub-enclave/sgx_stub.edl
@@ -0,0 +1,32 @@
+enclave {
+        include "rats-tls/api.h"
+        include "internal/core.h"
+        include "sgx_eid.h"
+
+        from "../../src/include/edl/rtls.edl" import *;
+        from "sgx_tsgxssl.edl" import *;
+
+        trusted {
+            public int ecall_client_startup(
+                                rats_tls_log_level_t log_level,
+                                [in, out] char *fuzz_conf_bytes,
+                                [in, string] char *attester_type,
+                                [in, string] char *verifier_type,
+                                [in, string] char *tls_type,
+                                [in, string] char *crypto_type,
+                                unsigned long flags,
+                                uint32_t s_ip,
+                                uint16_t s_port
+                                );
+
+            public int ecall_server_startup(
+                                rats_tls_log_level_t log_level,
+                                [in, string] char *attester_type,
+                                [in, string] char *verifier_type,
+                                [in, string] char *tls_type,
+                                [in, string] char *crypto_type,
+                                unsigned long flags,
+                                uint32_t s_ip,
+                                uint16_t s_port);
+        };
+};