From 1f27728027ca78dc201057440175a55d3b7320b2 Mon Sep 17 00:00:00 2001 From: Pengyu Chen Date: Mon, 30 Oct 2023 20:14:28 +0800 Subject: [PATCH] fuzz/*: fuzz rats-tls APIs in SGX mode use libfuzzer to fuzz rats-tls API `rats_tls_init()`, `rats_tls_negotiate()`, `rats_tls_transmit()`, `rats_tls_receive()`, `rats_tls_cleanup()` in sgx mode. Signed-off-by: Pengyu Chen --- cmake/CompilerOptions.cmake | 17 +- fuzz/CMakeLists.txt | 11 +- fuzz/README.md | 27 +++ fuzz/sgx-stub-enclave/CMakeLists.txt | 83 +++++++ fuzz/sgx-stub-enclave/sgx_stub.edl | 32 +++ fuzz/sgx-stub-enclave/sgx_stub_ecall.c | 250 +++++++++++++++++++++ fuzz/sgx-stub-enclave/sgx_stub_ecall.h | 3 + fuzz/sgx-stub-enclave/sgx_stub_enclave.lds | 11 + fuzz/sgx-stub-enclave/sgx_stub_enclave.pem | 39 ++++ fuzz/sgx-stub-enclave/sgx_stub_enclave.xml | 9 + fuzz/tls_init/CMakeLists.txt | 60 ++++- fuzz/tls_init/fuzz_init.cc | 5 +- fuzz/tls_negotiate/fuzz_negotiate.cc | 3 +- fuzz/tls_server/CMakeLists.txt | 55 ++++- fuzz/tls_server/fuzz_server.cc | 67 +++++- fuzz/tls_sgx_mode/CMakeLists.txt | 55 +++++ fuzz/tls_sgx_mode/fuzz_sgx_mode.cc | 151 +++++++++++++ fuzz/tls_transmit/CMakeLists.txt | 5 +- fuzz/tls_transmit/fuzz_transmit.cc | 13 +- 19 files changed, 863 insertions(+), 33 deletions(-) create mode 100644 fuzz/sgx-stub-enclave/CMakeLists.txt create mode 100644 fuzz/sgx-stub-enclave/sgx_stub.edl create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_ecall.c create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_ecall.h create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_enclave.lds create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_enclave.pem create mode 100644 fuzz/sgx-stub-enclave/sgx_stub_enclave.xml create mode 100644 fuzz/tls_sgx_mode/CMakeLists.txt create mode 100644 fuzz/tls_sgx_mode/fuzz_sgx_mode.cc diff --git a/cmake/CompilerOptions.cmake b/cmake/CompilerOptions.cmake index 29f7e5d7..b808022f 100644 --- a/cmake/CompilerOptions.cmake +++ b/cmake/CompilerOptions.cmake @@ -1,5 +1,5 @@ # Normal and occlum mode -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration") +# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration") set(RATS_TLS_LDFLAGS "-fPIC -Bsymbolic -ldl") if(OCCLUM) @@ -12,6 +12,16 @@ else() set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2") endif() +if((BUILD_FUZZ) AND (SGX)) + set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wno-implicit-function-declaration") + set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC -Werror=implicit-function-declaration") +elseif() + set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11") + set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration") +endif() + # SGX mode if(SGX) if(SGX_HW) @@ -56,8 +66,8 @@ if(SGX) set(ENCLAVE_COMMON_FLAGS "${ENCLAVE_COMMON_FLAGS} -fstack-protector-strong") endif() - set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11") - set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11") + # set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11") + # set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11") set(ENCLAVE_INCLUDES "${SGX_INCLUDE}" "${SGX_TLIBC_INCLUDE}" "${SGX_LIBCXX_INCLUDE}" "/usr/include") set(ENCLAVE_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${ENCLAVE_COMMON_FLAGS}") @@ -67,3 +77,4 @@ if(SGX) set(APP_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${APP_COMMON_FLAGS}") set(APP_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_COMMON_CXXFLAGS} ${APP_COMMON_FLAGS}") endif() + diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index de3d568c..17020a05 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -1,4 +1,9 @@ -add_subdirectory(tls_init) -add_subdirectory(tls_negotiate) +if(SGX) + add_subdirectory(tls_sgx_mode) + add_subdirectory(sgx-stub-enclave) +else() + add_subdirectory(tls_init) + add_subdirectory(tls_negotiate) + add_subdirectory(tls_transmit) +endif() add_subdirectory(tls_server) -add_subdirectory(tls_transmit) \ No newline at end of file diff --git a/fuzz/README.md b/fuzz/README.md index 83173020..38e98cdc 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -27,6 +27,20 @@ cmake -DRATS_TLS_BUILD_MODE="host" -DBUILD_SAMPLES=on -DBUILD_FUZZ=on -H. -Bbuil make -C build install ``` +For `SGX` mode, the command is little different. + +```shell +cmake -DRATS_TLS_BUILD_MODE="sgx" -DBUILD_SAMPLES=off -DBUILD_FUZZ=on -H. -Bbuild +make -C build install +``` + +Attention! If you run fuzz host program before, you should clean the environment and vice versa. + +```bash +make -C build clean # clean the environment +rm -rf build +``` + # FUZZ ## rats_tls_init API @@ -65,4 +79,17 @@ base64 /dev/urandom | head -c 1500000 > c1 cd .. ./fuzz_server & ./fuzz_transmit -max_len=1500000 -len_control=0 corpus # len_control=0 means try genarating input with size up to max_len +``` + +# FUZZ in SGX mode + +We integrate the fuzz program for these apis into one program `fuzz_sgx_mode`, start the `fuzz_server` first, and then run `fuzz_sgx_mode` to start fuzz. + +```shell +cd /usr/share/rats_tls/fuzz/ +mkdir corpus && cd corpus # create corpus dir and fill in random string +base64 /dev/urandom | head -c 1500000 > c1 +cd .. +./fuzz_server & +./fuzz_sgx_mode -max_len=1500000 -len_control=0 corpus ``` \ No newline at end of file diff --git a/fuzz/sgx-stub-enclave/CMakeLists.txt b/fuzz/sgx-stub-enclave/CMakeLists.txt new file mode 100644 index 00000000..23b31cf5 --- /dev/null +++ b/fuzz/sgx-stub-enclave/CMakeLists.txt @@ -0,0 +1,83 @@ +# Project name +project(sgx-stub-enclave CXX) + +set(CMAKE_CXX_COMPILER "/usr/bin/clang++") +set(CMAKE_CXX_FLAGS "-g ${CMAKE_CXX_FLAGS}") +set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz) + +if((BUILD_SAMPLES) OR (BUILD_FUZZ)) + set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/include + ) + + set(LIBRARY_DIRS ${INTEL_SGXSSL_LIB_PATH} + ${LIBCBOR_LIB_PATH} + ${CMAKE_BINARY_DIR}/src + ${CMAKE_BINARY_DIR}/src/crypto_wrappers/nullcrypto + ${CMAKE_BINARY_DIR}/src/crypto_wrappers/openssl + ${CMAKE_BINARY_DIR}/src/tls_wrappers/nulltls + ${CMAKE_BINARY_DIR}/src/tls_wrappers/openssl + ${CMAKE_BINARY_DIR}/src/verifiers/nullverifier + ${CMAKE_BINARY_DIR}/src/verifiers/sgx-ecdsa-qve + ${CMAKE_BINARY_DIR}/src/verifiers/tdx-ecdsa + ${CMAKE_BINARY_DIR}/src/verifiers/sgx-la + ${CMAKE_BINARY_DIR}/src/attesters/nullattester + ${CMAKE_BINARY_DIR}/src/attesters/sgx-ecdsa + ${CMAKE_BINARY_DIR}/src/attesters/sgx-la + ) + + set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) +else() + list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake") + include(CustomInstallDirs) + include(FindRatsTls) + if(NOT RATS_TLS_FOUND) + message(FATAL_ERROR "Failed to find rats_tls!") + endif() + include(FindSGX) + if(NOT SGX_FOUND) + message(FATAL_ERROR "Failed to find sgx!") + endif() + include(CompilerOptions) + include(SGXCommon) + + set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl) + + set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH}) + + set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl) +endif() + +include_directories(${INCLUDE_DIRS}) +link_directories(${LIBRARY_DIRS}) + +set(E_SRCS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_ecall.c) +set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub.edl) +set(LDS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_enclave.lds) +set(DEPEND_TRUSTED_LIBS crypto_wrapper_nullcrypto + crypto_wrapper_openssl + tls_wrapper_nulltls + tls_wrapper_openssl + attester_nullattester + attester_sgx_ecdsa + attester_sgx_la + verifier_nullverifier + verifier_sgx_la + verifier_sgx_ecdsa_qve + verifier_tdx_ecdsa + rats_tls + cbor + ) + +add_enclave_library(sgx_stub_enclave SRCS ${E_SRCS} EDL ${EDLS} TRUSTED_LIBS ${DEPEND_TRUSTED_LIBS} EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS} LDSCRIPT ${LDS}) +enclave_sign(sgx_stub_enclave KEY sgx_stub_enclave.pem CONFIG sgx_stub_enclave.xml) +add_dependencies(sgx_stub_enclave rats_tls) + +install(FILES ${CMAKE_CURRENT_BINARY_DIR}/sgx_stub_enclave.signed.so + DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH}) diff --git a/fuzz/sgx-stub-enclave/sgx_stub.edl b/fuzz/sgx-stub-enclave/sgx_stub.edl new file mode 100644 index 00000000..fbb54358 --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub.edl @@ -0,0 +1,32 @@ +enclave { + include "rats-tls/api.h" + include "internal/core.h" + include "sgx_eid.h" + + from "../../src/include/edl/rtls.edl" import *; + from "sgx_tsgxssl.edl" import *; + + trusted { + public int ecall_client_startup( + rats_tls_log_level_t log_level, + [in, out] char *fuzz_conf_bytes, + [in, string] char *attester_type, + [in, string] char *verifier_type, + [in, string] char *tls_type, + [in, string] char *crypto_type, + unsigned long flags, + uint32_t s_ip, + uint16_t s_port + ); + + public int ecall_server_startup( + rats_tls_log_level_t log_level, + [in, string] char *attester_type, + [in, string] char *verifier_type, + [in, string] char *tls_type, + [in, string] char *crypto_type, + unsigned long flags, + uint32_t s_ip, + uint16_t s_port); + }; +}; diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.c b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c new file mode 100644 index 00000000..81f9450e --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c @@ -0,0 +1,250 @@ +#include +#include +#include +#include + +#include +#include +#include "rats-tls/api.h" +#include "sgx_urts.h" +#include "sgx_stub_t.h" + +#define FUZZ_IP "127.0.0.1" +#define FUZZ_PORT 1234 + +int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, char *attester_type, + char *verifier_type, char *tls_type, char *crypto_type, + unsigned long flags, uint32_t s_ip, uint16_t s_port) +{ + rats_tls_conf_t conf; + memset(&conf,0,sizeof(rats_tls_conf_t)); + + snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type); + snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type); + snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type); + snprintf(conf.crypto_type, sizeof(conf.crypto_type), "%s", crypto_type); + conf.flags = flags; + conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT; + + RTLS_ERR("Enter the client \n"); + + claim_t custom_claims[2] = { + { .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") }, + { .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") }, + }; + conf.custom_claims = (claim_t *)custom_claims; + conf.custom_claims_length = 2; + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. + */ + + int64_t sockfd; + int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); + if (sgx_status != SGX_SUCCESS || sockfd < 0) { + RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + return -1; + } + + struct rtls_sockaddr_in s_addr; + memset(&s_addr, 0, sizeof(s_addr)); + s_addr.sin_family = RTLS_AF_INET; + s_addr.sin_addr.s_addr = s_ip; + s_addr.sin_port = s_port; + + /* Connect to the server */ + int ocall_ret = 0; + sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); + if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + RTLS_ERR("Enter the init \n"); + /* rats-tls init */ + librats_tls_init(); + rats_tls_handle handle; + rats_tls_err_t ret = rats_tls_init(&conf, &handle); + if (ret != RATS_TLS_ERR_NONE) { + RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + return -1; + } + RTLS_ERR("start to negotiate\n"); + + ret = rats_tls_negotiate(handle, (int)sockfd); + if (ret != RATS_TLS_ERR_NONE) { + RTLS_ERR("Failed to negotiate %#x\n", ret); + return -1; + } + + const char *msg = "Hello and welcome to RATS-TLS!\n"; + size_t len = strlen(msg); + RTLS_ERR("Enter the transmit \n"); + ret = rats_tls_transmit(handle, (void *)msg, &len); + if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) { + RTLS_ERR("Failed to transmit %#x\n", ret); + goto err; + } + + ret = rats_tls_cleanup(handle); + if (ret != RATS_TLS_ERR_NONE) + RTLS_ERR("Failed to cleanup %#x\n", ret); + + return 0; + +err: + rats_tls_cleanup(handle); + return -1; +} + +int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, char *verifier_type, + char *tls_type, char *crypto_type, unsigned long flags, uint32_t s_ip, uint16_t s_port) +{ + rats_tls_conf_t conf; + memset(&conf, 0, sizeof(conf)); + conf.log_level = log_level; + + snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type); + snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type); + snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type); + snprintf(conf.crypto_type, sizeof(conf.crypto_type), "%s", crypto_type); + + conf.flags = flags; + conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT; + + claim_t custom_claims[2] = { + { .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") }, + { .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") }, + }; + conf.custom_claims = (claim_t *)custom_claims; + conf.custom_claims_length = 2; + + int64_t sockfd; + int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0); + if (sgx_status != SGX_SUCCESS || sockfd < 0) { + RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd); + return -1; + } + + // int reuse = 1; + int ocall_ret = 0; + // sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_REUSEADDR, + // (const void *)&reuse, sizeof(int)); + // if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + // RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + // return -1; + // } + + // /* Set keepalive options */ + // int flag = 1; + // int tcp_keepalive_time = 30; + // int tcp_keepalive_intvl = 10; + // int tcp_keepalive_probes = 5; + // sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_KEEPALIVE, &flag, + // sizeof(flag)); + // if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + // RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + // return -1; + // } + + // sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPIDLE, + // &tcp_keepalive_time, sizeof(tcp_keepalive_time)); + // if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + // RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + // return -1; + // } + + // sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPINTVL, + // &tcp_keepalive_intvl, sizeof(tcp_keepalive_intvl)); + // if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + // RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + // return -1; + // } + + // sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPCNT, + // &tcp_keepalive_probes, sizeof(tcp_keepalive_probes)); + // if (sgx_status != SGX_SUCCESS || ocall_ret < 0) { + // RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret); + // return -1; + // } + + struct rtls_sockaddr_in s_addr; + memset(&s_addr, 0, sizeof(s_addr)); + s_addr.sin_family = RTLS_AF_INET; + s_addr.sin_addr.s_addr = s_ip; + s_addr.sin_port = s_port; + + /* Bind the server socket */ + sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr)); + if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + /* Listen for a new connection, allow 5 pending connections */ + sgx_status = ocall_listen(&ocall_ret, sockfd, 5); + if (sgx_status != SGX_SUCCESS || ocall_ret == -1) { + RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret); + return -1; + } + + librats_tls_init(); + rats_tls_handle handle; + rats_tls_err_t ret = rats_tls_init(&conf, &handle); + if (ret != RATS_TLS_ERR_NONE) { + RTLS_ERR("Failed to initialize rats tls %#x\n", ret); + return -1; + } + + struct rtls_sockaddr_in c_addr; + uint32_t addrlen_in = sizeof(c_addr); + uint32_t addrlen_out; + while (1) { + RTLS_INFO("Waiting for a connection ...\n"); + + int64_t connd; + sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out); + if (sgx_status != SGX_SUCCESS || connd < 0) { + RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd); + return -1; + } + + ret = rats_tls_negotiate(handle, connd); + if (ret != RATS_TLS_ERR_NONE) { + RTLS_ERR("Failed to negotiate %#x\n", ret); + goto err; + } + + RTLS_DEBUG("Client connected successfully\n"); + + // char buf[256]; + // size_t len = sizeof(buf); + // ret = rats_tls_receive(handle, buf, &len); + // if (ret != RATS_TLS_ERR_NONE) { + // RTLS_ERR("Failed to receive %#x\n", ret); + // goto err; + // } + + // if (len >= sizeof(buf)) + // len = sizeof(buf) - 1; + // buf[len] = '\0'; + + // RTLS_INFO("Client: %s\n", buf); + + /* Reply back to the client */ + //ret = rats_tls_transmit(handle, buf, &len); + //if (ret != RATS_TLS_ERR_NONE) { + //RTLS_ERR("Failed to transmit %#x\n", ret); + //goto err; + //} + + ocall_close(&ocall_ret, connd); + } + + return 0; +err: + /* Ignore the error code of cleanup in order to return the prepositional error */ + rats_tls_cleanup(handle); + return -1; +} diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.h b/fuzz/sgx-stub-enclave/sgx_stub_ecall.h new file mode 100644 index 00000000..5b69b341 --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub_ecall.h @@ -0,0 +1,3 @@ +#ifndef _SGX_STUB_ECALL_H_ +#define _SGX_STUB_ECALL_H_ +#endif \ No newline at end of file diff --git a/fuzz/sgx-stub-enclave/sgx_stub_enclave.lds b/fuzz/sgx-stub-enclave/sgx_stub_enclave.lds new file mode 100644 index 00000000..986be952 --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub_enclave.lds @@ -0,0 +1,11 @@ +libsgx_stub_enclave.so.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + g_peak_rsrv_mem_committed; + local: + *; +}; diff --git a/fuzz/sgx-stub-enclave/sgx_stub_enclave.pem b/fuzz/sgx-stub-enclave/sgx_stub_enclave.pem new file mode 100644 index 00000000..529d07be --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub_enclave.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/fuzz/sgx-stub-enclave/sgx_stub_enclave.xml b/fuzz/sgx-stub-enclave/sgx_stub_enclave.xml new file mode 100644 index 00000000..733dc898 --- /dev/null +++ b/fuzz/sgx-stub-enclave/sgx_stub_enclave.xml @@ -0,0 +1,9 @@ + + 0 + 0 + 0x400000 + 0x1000000 + 10 + 1 + 0 + diff --git a/fuzz/tls_init/CMakeLists.txt b/fuzz/tls_init/CMakeLists.txt index aab84dd9..7764894c 100644 --- a/fuzz/tls_init/CMakeLists.txt +++ b/fuzz/tls_init/CMakeLists.txt @@ -3,16 +3,52 @@ project(fuzz_init CXX) set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) set(CMAKE_CXX_COMPILER "/usr/bin/clang++") set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g ${CMAKE_CXX_FLAGS}") -set(CMAKE_CXX_FLAGS "-fPIE ${CMAKE_CXX_FLAGS}") set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz) +if(NOT SGX) + set(CMAKE_CXX_FLAGS "-fPIE ${CMAKE_CXX_FLAGS}") +endif() -set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + +if(SGX) + list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake") + include(CustomInstallDirs) + include(FindRatsTls) + if(NOT RATS_TLS_FOUND) + message(FATAL_ERROR "Failed to find rats_tls!") + endif() + + include(FindSGX) + if(NOT SGX_FOUND) + message(FATAL_ERROR "Failed to find sgx!") + endif() + + include(CompilerOptions) + include(SGXCommon) + + set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) + set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls - ${RATS_TLS_INSTALL_INCLUDE_PATH} - ${RATS_TLS_INSTALL_INCLUDE_PATH}/edl ) -set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH}) + list(APPEND LIBRARY_DIRS ${CMAKE_BINARY_DIR}/src/sgx/untrust + ${CMAKE_BINARY_DIR}/fuzz/sgx-stub-enclave + ) + set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) + set(DEPEND_UNTRUSTED_LIBS ${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a) + +else() + set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls + ${RATS_TLS_INSTALL_INCLUDE_PATH} + ${RATS_TLS_INSTALL_INCLUDE_PATH}/edl + ) + set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH}) +endif() include_directories(${INCLUDE_DIRS}) link_directories(${LIBRARY_DIRS}) @@ -21,8 +57,18 @@ link_directories(${LIBRARY_DIRS}) set(SOURCES fuzz_init.cc) # Generate bin file -add_executable(${PROJECT_NAME} ${SOURCES}) -target_link_libraries(${PROJECT_NAME} rats_tls) +if(SGX) + set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave/sgx_stub.edl) + add_untrusted_executable(${PROJECT_NAME} + SRCS ${SOURCES} + UNTRUSTED_LIBS ${DEPEND_UNTRUSTED_LIBS} + EDL ${EDLS} + EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS}) + add_dependencies(${PROJECT_NAME} sgx_stub_enclave-sign) +else() + add_executable(${PROJECT_NAME} ${SOURCES}) + target_link_libraries(${PROJECT_NAME} rats_tls) +endif() install(TARGETS ${PROJECT_NAME} DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH}) diff --git a/fuzz/tls_init/fuzz_init.cc b/fuzz/tls_init/fuzz_init.cc index a4ea8de1..1135a9d9 100644 --- a/fuzz/tls_init/fuzz_init.cc +++ b/fuzz/tls_init/fuzz_init.cc @@ -17,6 +17,8 @@ extern "C" { #define CUSTOM_CLAIMS_SIZE 10 +rats_tls_log_level_t global_log_level = RATS_TLS_LOG_LEVEL_DEFAULT; + extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { rats_tls_conf_t conf; // consume 192 bytes @@ -107,6 +109,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } } } - return 0; -} \ No newline at end of file +} diff --git a/fuzz/tls_negotiate/fuzz_negotiate.cc b/fuzz/tls_negotiate/fuzz_negotiate.cc index 9f36313e..5d12d290 100644 --- a/fuzz/tls_negotiate/fuzz_negotiate.cc +++ b/fuzz/tls_negotiate/fuzz_negotiate.cc @@ -133,7 +133,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (connect(sockfd, (struct sockaddr *)&s_addr, sizeof(s_addr)) == -1) { - // free memory RTLS_ERR("Failed to connect to server \n"); for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) { free(custom_claims[c].name); @@ -168,4 +167,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } return 0; -} \ No newline at end of file +} diff --git a/fuzz/tls_server/CMakeLists.txt b/fuzz/tls_server/CMakeLists.txt index 993260a6..aef5b896 100644 --- a/fuzz/tls_server/CMakeLists.txt +++ b/fuzz/tls_server/CMakeLists.txt @@ -3,13 +3,45 @@ project(fuzz_server CXX) set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) set(CMAKE_CXX_COMPILER "/usr/bin/clang++") set(CMAKE_CXX_FLAGS "-g ${CMAKE_CXX_FLAGS}") +set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz) + +if(SGX) + list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake") + include(CustomInstallDirs) + include(FindRatsTls) + if(NOT RATS_TLS_FOUND) + message(FATAL_ERROR "Failed to find rats_tls!") + endif() + + include(FindSGX) + if(NOT SGX_FOUND) + message(FATAL_ERROR "Failed to find sgx!") + endif() -set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + include(CompilerOptions) + include(SGXCommon) + + set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) + set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls - ${RATS_TLS_INSTALL_INCLUDE_PATH} ) -set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH}) -set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz) + list(APPEND LIBRARY_DIRS ${CMAKE_BINARY_DIR}/src/sgx/untrust + ${CMAKE_BINARY_DIR}/fuzz/sgx-stub-enclave + ) + set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) + set(DEPEND_UNTRUSTED_LIBS ${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a) +else() + set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls + ${RATS_TLS_INSTALL_INCLUDE_PATH} + ) + set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH}) +endif() include_directories(${INCLUDE_DIRS}) link_directories(${LIBRARY_DIRS}) @@ -18,9 +50,18 @@ link_directories(${LIBRARY_DIRS}) set(SOURCES fuzz_server.cc) # Generate bin file -add_executable(${PROJECT_NAME} ${SOURCES}) -target_link_libraries(${PROJECT_NAME} rats_tls) +if(SGX) + set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave/sgx_stub.edl) + add_untrusted_executable(${PROJECT_NAME} + SRCS ${SOURCES} + UNTRUSTED_LIBS ${DEPEND_UNTRUSTED_LIBS} + EDL ${EDLS} + EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS}) + add_dependencies(${PROJECT_NAME} sgx_stub_enclave-sign) +else() + add_executable(${PROJECT_NAME} ${SOURCES}) + target_link_libraries(${PROJECT_NAME} rats_tls) +endif() install(TARGETS ${PROJECT_NAME} DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH}) - diff --git a/fuzz/tls_server/fuzz_server.cc b/fuzz/tls_server/fuzz_server.cc index 3672bde2..7afca2d2 100644 --- a/fuzz/tls_server/fuzz_server.cc +++ b/fuzz/tls_server/fuzz_server.cc @@ -26,6 +26,69 @@ extern "C" { #define FUZZ_IP "127.0.0.1" #define FUZZ_PORT 1234 +#ifdef SGX + +extern "C" { +#include +#include +#include "sgx_stub_u.h" +} + +#define ENCLAVE_FILENAME "sgx_stub_enclave.signed.so" +rats_tls_log_level_t global_log_level = RATS_TLS_LOG_LEVEL_DEFAULT; + +static sgx_enclave_id_t load_enclave(bool debug_enclave) +{ + sgx_launch_token_t t; + + memset(t, 0, sizeof(t)); + + sgx_enclave_id_t eid; + int updated = 0; + int ret = sgx_create_enclave(ENCLAVE_FILENAME, debug_enclave, &t, &updated, &eid, NULL); + if (ret != SGX_SUCCESS) { + RTLS_ERR("Failed to load enclave %d\n", ret); + return 0; + } + + RTLS_INFO("Success to load enclave with enclave id %ld\n", eid); + + return eid; +} + +int main(){ + + uint32_t s_ip = inet_addr(FUZZ_IP); + uint16_t s_port = htons((uint16_t)FUZZ_PORT); + + sgx_enclave_id_t enclave_id = load_enclave(false); + if (enclave_id == 0) { + RTLS_ERR("Failed to load sgx stub enclave\n"); + return -1; + } + + unsigned long flags = 0; + flags |= RATS_TLS_CONF_FLAGS_SERVER; + flags |= RATS_TLS_CONF_FLAGS_MUTUAL; + + rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO; + char* attester_type = "sgx_la"; + char* verifier_type = "sgx_la"; + char* tls_type = "openssl"; + char* crypto_type = "openssl"; + + int ret = 0; + int sgx_status = ecall_server_startup((sgx_enclave_id_t)enclave_id, &ret, log_level, attester_type, verifier_type, tls_type, + crypto_type, flags,s_ip,s_port); + if (sgx_status != SGX_SUCCESS || ret) { + RTLS_ERR("failed to startup enclave server: sgx status %d, ecall return %d\n", + sgx_status, ret); + return -1; + } +} + +#else + int main() { rats_tls_conf_t conf; @@ -150,4 +213,6 @@ int main() close(connd); } return 0; -} \ No newline at end of file +} + +#endif diff --git a/fuzz/tls_sgx_mode/CMakeLists.txt b/fuzz/tls_sgx_mode/CMakeLists.txt new file mode 100644 index 00000000..c8c443b2 --- /dev/null +++ b/fuzz/tls_sgx_mode/CMakeLists.txt @@ -0,0 +1,55 @@ +project(fuzz_sgx_mode CXX) + +set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) +set(CMAKE_CXX_COMPILER "/usr/bin/clang++") +set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g ${CMAKE_CXX_FLAGS}") +set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz) + +list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake") +include(CustomInstallDirs) +include(FindRatsTls) +if(NOT RATS_TLS_FOUND) + message(FATAL_ERROR "Failed to find rats_tls!") +endif() + +include(FindSGX) +if(NOT SGX_FOUND) + message(FATAL_ERROR "Failed to find sgx!") +endif() + +include(CompilerOptions) +include(SGXCommon) + +set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) +set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls + ) +list(APPEND LIBRARY_DIRS ${CMAKE_BINARY_DIR}/src/sgx/untrust + ${CMAKE_BINARY_DIR}/fuzz/sgx-stub-enclave + ) +set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave + ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl + ) +set(DEPEND_UNTRUSTED_LIBS ${CMAKE_BINARY_DIR}/src/sgx/untrust/librats_tls_u.a) + + +include_directories(${INCLUDE_DIRS}) +link_directories(${LIBRARY_DIRS}) + +# Set source file +set(SOURCES fuzz_sgx_mode.cc) + +# Generate bin file +set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/../sgx-stub-enclave/sgx_stub.edl) +add_untrusted_executable(${PROJECT_NAME} + SRCS ${SOURCES} + UNTRUSTED_LIBS ${DEPEND_UNTRUSTED_LIBS} + EDL ${EDLS} + EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS}) +add_dependencies(${PROJECT_NAME} sgx_stub_enclave-sign) + +install(TARGETS ${PROJECT_NAME} + DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH}) diff --git a/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc new file mode 100644 index 00000000..8d78de99 --- /dev/null +++ b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc @@ -0,0 +1,151 @@ + +/* Copyright (c) 2021 Intel Corporation + * Copyright (c) 2020-2021 Alibaba Cloud + * + * SPDX-License-Identifier: Apache-2.0 + */ +extern "C" { +#include +#include +#include +#include +#include +#include +#include "rats-tls/api.h" +#include "rats-tls/log.h" +#include "rats-tls/claim.h" +#include "internal/core.h" +#include +#include +#include "sgx_stub_u.h" +} + +#include +#include + +#define CUSTOM_CLAIMS_SIZE 10 +#define FUZZ_IP "127.0.0.1" +#define FUZZ_PORT 1234 + +rats_tls_log_level_t global_log_level = RATS_TLS_LOG_LEVEL_DEFAULT; + + +#define ENCLAVE_FILENAME "sgx_stub_enclave.signed.so" + +static sgx_enclave_id_t load_enclave(bool debug_enclave) +{ + sgx_launch_token_t t; + + memset(t, 0, sizeof(t)); + + sgx_enclave_id_t eid; + int updated = 0; + int ret = sgx_create_enclave(ENCLAVE_FILENAME, debug_enclave, &t, &updated, &eid, NULL); + if (ret != SGX_SUCCESS) { + RTLS_ERR("Failed to load enclave %d\n", ret); + return 0; + } + + RTLS_INFO("Success to load enclave with enclave id %ld\n", eid); + + return eid; +} + + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ + if (size < sizeof(rats_tls_conf_t) ) { + return 0; + } + + FuzzedDataProvider fuzzed_data(data , size); + sgx_enclave_id_t enclave_id = load_enclave(fuzzed_data.ConsumeBool()); + if (enclave_id == 0) { + RTLS_ERR("Failed to load sgx stub enclave\n"); + return -1; + } + + char * fuzz_conf_bytes = NULL; + + uint32_t s_ip = inet_addr(FUZZ_IP); + uint16_t s_port = htons((uint16_t)FUZZ_PORT); + + char * attester_type = (char *)malloc(20); + if(attester_type == NULL){ + return 0; + } + char * verifier_type = (char *)malloc(20); + if(verifier_type == NULL){ + return 0; + } + char * tls_type = (char *)malloc(20); + if(tls_type == NULL){ + return 0; + } + char * crypto_type = (char *)malloc(20); + if(crypto_type == NULL){ + return 0; + } + + char attester_types[10][25] = { "nullattester", "", "sgx_la", "csv", + "sev", "sev_snp", "tdx_ecdsa", "sgx_ecdsa" }; + strcpy(attester_types[8], fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data()); + if (fuzzed_data.remaining_bytes() < 0) { + return 0; + } + char verifier_types[10][25] = { "nullverifier", "", "sgx_la", + "csv", "sev", "sev_snp", + "tdx_ecdsa", "tdx_ecdsa", "sgx_ecdsa_qve" }; + strcpy(verifier_types[9], fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data()); + if (fuzzed_data.remaining_bytes() < 0) { + return 0; + } + char tls_types[4][25] = { "nulltls", "", "openssl" }; + strcpy(tls_types[3], + fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data()); + if (fuzzed_data.remaining_bytes() < 0) { + return 0; + } + char crypto_types[4][25] = { "nullcrypto", "", "openssl" }; + strcpy(crypto_types[3], + fuzzed_data.ConsumeBytesWithTerminator(20, '\0').data()); + if (fuzzed_data.remaining_bytes() < 0) { + return 0; + } + + for (int i = 0; i < 9; i++) { + for (int j = 0; j < 10; j++) { + for (int k = 0; k < 4; k++) { + for (int l = 0; l < 4; l++) { + + strcpy(attester_type, "sgx_la"); + strcpy(verifier_type, "sgx_la"); + strcpy(tls_type, "openssl"); + strcpy(crypto_type, "openssl"); + + unsigned long flags = fuzzed_data.ConsumeIntegral(); + flags |= RATS_TLS_CONF_FLAGS_MUTUAL; + int ret = 0; + rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO; + + int sgx_status = ecall_client_startup((sgx_enclave_id_t)enclave_id, &ret,log_level,fuzz_conf_bytes, attester_type, verifier_type, tls_type, crypto_type, flags,s_ip,s_port); + if (sgx_status != SGX_SUCCESS || ret){ + RTLS_ERR("failed to startup client: sgx status %#x return %#x\n", sgx_status, ret); + } + + + } + + } + + } + + } + /*clean up*/ + free(fuzz_conf_bytes); + free(attester_type); + free(verifier_type); + free(tls_type); + free(crypto_type); + + return 0; +} diff --git a/fuzz/tls_transmit/CMakeLists.txt b/fuzz/tls_transmit/CMakeLists.txt index cb8aee42..8497d3c4 100644 --- a/fuzz/tls_transmit/CMakeLists.txt +++ b/fuzz/tls_transmit/CMakeLists.txt @@ -2,7 +2,10 @@ project(fuzz_transmit CXX) set(CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) set(CMAKE_CXX_COMPILER "/usr/bin/clang++") -set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g -fPIE ${CMAKE_CXX_FLAGS}") +set(CMAKE_CXX_FLAGS "-fsanitize=address,fuzzer -g ${CMAKE_CXX_FLAGS}") +if(NOT SGX) + set(CMAKE_CXX_FLAGS "-fPIE ${CMAKE_CXX_FLAGS}") +endif() set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls diff --git a/fuzz/tls_transmit/fuzz_transmit.cc b/fuzz/tls_transmit/fuzz_transmit.cc index f3227e0c..ad0bff06 100644 --- a/fuzz/tls_transmit/fuzz_transmit.cc +++ b/fuzz/tls_transmit/fuzz_transmit.cc @@ -86,14 +86,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) conf.api_version = 0; conf.flags = fuzzed_data.ConsumeIntegral(); - strcpy(conf.attester_type, "nullattester"); - strcpy(conf.verifier_type, "nullverifier"); - strcpy(conf.tls_type, "nulltls"); - strcpy(conf.crypto_type, "nullcrypto"); + strcpy(conf.attester_type, attester_types[i]); + strcpy(conf.verifier_type, verifier_types[j]); + strcpy(conf.tls_type, tls_types[k]); + strcpy(conf.crypto_type, crypto_types[l]); int sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { - RTLS_ERR("Socked create failed \n"); + RTLS_ERR("socked create failed \n"); close(sockfd); continue; } @@ -152,7 +152,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) for (int c = 0; c < CUSTOM_CLAIMS_SIZE; c++) { free(custom_claims[c].name); } - continue; } @@ -214,4 +213,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } } return 0; -} \ No newline at end of file +}