temporary storage, it wouldbe delete when finished

inclavare-containers · Dec 5, 2023 · 9898753 · 9898753
1 parent d427a4e
commit 9898753
Show file tree

Hide file tree

Showing 3 changed files with 140 additions and 125 deletions.
diff --git a/fuzz/sgx-stub-enclave/sgx_stub_ecall.c b/fuzz/sgx-stub-enclave/sgx_stub_ecall.c
@@ -12,38 +12,76 @@
 #define FUZZ_IP	  "127.0.0.1"
 #define FUZZ_PORT 1234
 
-int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, char *attester_type,
-			 char *verifier_type, char *tls_type, char *crypto_type,
-			 unsigned long flags, uint32_t s_ip, uint16_t s_port)
+
+
+int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, char *verifier_type,
+			 char *tls_type, char *crypto_type, unsigned long flags, uint32_t s_ip,
+			 uint16_t s_port)
 {
+
 	rats_tls_conf_t conf;
-	memset(&conf, 0, sizeof(rats_tls_conf_t));
 
+	memset(&conf, 0, sizeof(conf));
+	conf.log_level = log_level;
 	snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type);
 	snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type);
 	snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type);
 	snprintf(conf.crypto_type, sizeof(conf.crypto_type), "%s", crypto_type);
 	conf.flags = flags;
 	conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT;
 
-	RTLS_INFO("Enter the client \n");
-
 	claim_t custom_claims[2] = {
 		{ .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") },
 		{ .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") },
 	};
 	conf.custom_claims = (claim_t *)custom_claims;
 	conf.custom_claims_length = 2;
 
-	/* Create a socket that uses an internet IPv4 address,
-	 * Sets the socket to be stream based (TCP),
-	 * 0 means choose the default protocol.
-	 */
-
 	int64_t sockfd;
 	int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0);
 	if (sgx_status != SGX_SUCCESS || sockfd < 0) {
-		// RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd);
+		RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd);
+		return -1;
+	}
+
+	int reuse = 1;
+	int ocall_ret = 0;
+	sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_REUSEADDR,
+				      (const void *)&reuse, sizeof(int));
+	if (sgx_status != SGX_SUCCESS || ocall_ret < 0) {
+		RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret);
+		return -1;
+	}
+
+	int flag = 1;
+	int tcp_keepalive_time = 30;
+	int tcp_keepalive_intvl = 10;
+	int tcp_keepalive_probes = 5;
+	sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_SOCKET, RTLS_SO_KEEPALIVE, &flag,
+				      sizeof(flag));
+	if (sgx_status != SGX_SUCCESS || ocall_ret < 0) {
+		RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret);
+		return -1;
+	}
+
+	sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPIDLE,
+				      &tcp_keepalive_time, sizeof(tcp_keepalive_time));
+	if (sgx_status != SGX_SUCCESS || ocall_ret < 0) {
+		RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret);
+		return -1;
+	}
+
+	sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPINTVL,
+				      &tcp_keepalive_intvl, sizeof(tcp_keepalive_intvl));
+	if (sgx_status != SGX_SUCCESS || ocall_ret < 0) {
+		RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret);
+		return -1;
+	}
+
+	sgx_status = ocall_setsockopt(&ocall_ret, sockfd, RTLS_SOL_TCP, RTLS_TCP_KEEPCNT,
+				      &tcp_keepalive_probes, sizeof(tcp_keepalive_probes));
+	if (sgx_status != SGX_SUCCESS || ocall_ret < 0) {
+		RTLS_ERR("Failed to call setsockopt() %#x %d\n", sgx_status, ocall_ret);
 		return -1;
 	}
 
@@ -53,138 +91,110 @@ int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes,
 	s_addr.sin_addr.s_addr = s_ip;
 	s_addr.sin_port = s_port;
 
-	/* Connect to the server */
-	int ocall_ret = 0;
-	sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr));
+	sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr));
 	if (sgx_status != SGX_SUCCESS || ocall_ret == -1) {
-		// RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret);
+		RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret);
+		return -1;
+	}
+
+	/* Listen for a new connection, allow 5 pending connections */
+	sgx_status = ocall_listen(&ocall_ret, sockfd, 5);
+	if (sgx_status != SGX_SUCCESS || ocall_ret == -1) {
+		RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret);
 		return -1;
 	}
 
-	// RTLS_INFO("Enter the init \n");
-	/* rats-tls init */
 	librats_tls_init();
 	rats_tls_handle handle;
 	rats_tls_err_t ret = rats_tls_init(&conf, &handle);
 	if (ret != RATS_TLS_ERR_NONE) {
-		// RTLS_ERR("Failed to initialize rats tls %#x\n", ret);
+		RTLS_ERR("Failed to initialize rats tls %#x\n", ret);
 		return -1;
 	}
-	// RTLS_INFO("start to negotiate\n");
 
-	ret = rats_tls_negotiate(handle, (int)sockfd);
+	ret = rats_tls_set_verification_callback(&handle, NULL);
 	if (ret != RATS_TLS_ERR_NONE) {
-		// RTLS_ERR("Failed to negotiate %#x\n", ret);
+		RTLS_ERR("Failed to set verification callback %#x\n", ret);
 		return -1;
 	}
 
-	const char *msg = "Hello and welcome to RATS-TLS!\n";
-	size_t len = strlen(msg);
-	// RTLS_INFO("Enter the transmit \n");
-	ret = rats_tls_transmit(handle, (void *)msg, &len);
-	if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) {
-		// RTLS_ERR("Failed to transmit %#x\n", ret);
-		goto err;
-	}
+	struct rtls_sockaddr_in c_addr;
+	uint32_t addrlen_in = sizeof(c_addr);
+	uint32_t addrlen_out;
+
+	while (1) {
+		RTLS_INFO("Waiting for a connection ...\n");
+
+		int64_t connd;
+		sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out);
+		if (sgx_status != SGX_SUCCESS || connd < 0) {
+			RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd);
+			return -1;
+		}
 
-	ret = rats_tls_cleanup(handle);
-	if (ret != RATS_TLS_ERR_NONE)
-		// RTLS_ERR("Failed to cleanup %#x\n", ret);
+		// whether it need delete
+		ocall_close(&ocall_ret, connd);
+	}
 
+	RTLS_ERR("server Quick ecall \n");
 	return 0;
 
-err:
-	rats_tls_cleanup(handle);
-	return -1;
 }
 
-int ecall_server_startup(rats_tls_log_level_t log_level, char *attester_type, char *verifier_type,
-			 char *tls_type, char *crypto_type, unsigned long flags, uint32_t s_ip,
-			 uint16_t s_port)
+int ecall_client_startup(rats_tls_log_level_t log_level, char *fuzz_conf_bytes, char *attester_type,
+			 char *verifier_type, char *tls_type, char *crypto_type,
+			 unsigned long flags, uint32_t s_ip, uint16_t s_port)
 {
 	rats_tls_conf_t conf;
+
 	memset(&conf, 0, sizeof(conf));
 	conf.log_level = log_level;
-
 	snprintf(conf.attester_type, sizeof(conf.attester_type), "%s", attester_type);
 	snprintf(conf.verifier_type, sizeof(conf.verifier_type), "%s", verifier_type);
 	snprintf(conf.tls_type, sizeof(conf.tls_type), "%s", tls_type);
 	snprintf(conf.crypto_type, sizeof(conf.crypto_type), "%s", crypto_type);
-
 	conf.flags = flags;
 	conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT;
 
-	claim_t custom_claims[2] = {
-		{ .name = "key_0", .value = (uint8_t *)"value_0", .value_size = sizeof("value_0") },
-		{ .name = "key_1", .value = (uint8_t *)"value_1", .value_size = sizeof("value_1") },
-	};
-	conf.custom_claims = (claim_t *)custom_claims;
-	conf.custom_claims_length = 2;
-
 	int64_t sockfd;
 	int sgx_status = ocall_socket(&sockfd, RTLS_AF_INET, RTLS_SOCK_STREAM, 0);
 	if (sgx_status != SGX_SUCCESS || sockfd < 0) {
-		// RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd);
+		RTLS_ERR("Failed to call socket() %#x %d\n", sgx_status, sockfd);
 		return -1;
 	}
 
-	int ocall_ret = 0;
-
 	struct rtls_sockaddr_in s_addr;
 	memset(&s_addr, 0, sizeof(s_addr));
 	s_addr.sin_family = RTLS_AF_INET;
 	s_addr.sin_addr.s_addr = s_ip;
 	s_addr.sin_port = s_port;
 
-	/* Bind the server socket */
-	sgx_status = ocall_bind(&ocall_ret, sockfd, &s_addr, sizeof(s_addr));
-	if (sgx_status != SGX_SUCCESS || ocall_ret == -1) {
-		// RTLS_ERR("Failed to call bind(), %#x %d\n", sgx_status, ocall_ret);
-		return -1;
-	}
-
-	/* Listen for a new connection, allow 5 pending connections */
-	sgx_status = ocall_listen(&ocall_ret, sockfd, 5);
+	int ocall_ret = 0;
+	sgx_status = ocall_connect(&ocall_ret, sockfd, &s_addr, sizeof(s_addr));
 	if (sgx_status != SGX_SUCCESS || ocall_ret == -1) {
-		// RTLS_ERR("Failed to call listen(), %#x %d\n", sgx_status, ocall_ret);
+		RTLS_ERR("failed to call connect() %#x %d\n", sgx_status, ocall_ret);
 		return -1;
 	}
+	// RTLS_ERR("connect success\n");
 
+	/* rats-tls init */
 	librats_tls_init();
-	rats_tls_handle handle;
-	rats_tls_err_t ret = rats_tls_init(&conf, &handle);
-	if (ret != RATS_TLS_ERR_NONE) {
-		// RTLS_ERR("Failed to initialize rats tls %#x\n", ret);
-		return -1;
-	}
+	// rats_tls_handle handle;
+	// rats_tls_err_t ret = rats_tls_init(&conf, &handle);
+	// if (ret != RATS_TLS_ERR_NONE) {
+	// 	RTLS_ERR("Failed to initialize rats tls %#x\n", ret);
+	// 	return -1;
+	// }
+	RTLS_ERR("Init Ok \n");
 
-	struct rtls_sockaddr_in c_addr;
-	uint32_t addrlen_in = sizeof(c_addr);
-	uint32_t addrlen_out;
-	while (1) {
-		// RTLS_INFO("Waiting for a connection ...\n");
-
-		int64_t connd;
-		sgx_status = ocall_accept(&connd, sockfd, &c_addr, addrlen_in, &addrlen_out);
-		if (sgx_status != SGX_SUCCESS || connd < 0) {
-			// RTLS_ERR("Failed to call accept() %#x %d\n", sgx_status, connd);
-			return -1;
-		}
+	// ocall_close(&ocall_ret,sockfd);
 
-		ret = rats_tls_negotiate(handle, connd);
-		if (ret != RATS_TLS_ERR_NONE) {
-			// RTLS_ERR("Failed to negotiate %#x\n", ret);
-			goto err;
-		}
+	// ret = rats_tls_cleanup(handle);
+	// if (ret != RATS_TLS_ERR_NONE)
+	// 	RTLS_ERR("Failed to cleanup %#x\n", ret);
 
-		// RTLS_INFO("Client connected successfully\n");
+	// return ret;
 
-		ocall_close(&ocall_ret, connd);
-	}
 
-	return 0;
-err:
-	/* Ignore the error code of cleanup in order to return the prepositional error */
-	rats_tls_cleanup(handle);
-	return -1;
-}
+	// RTLS_ERR("Entering the client SGX \n");
+}
diff --git a/fuzz/tls_server/fuzz_server.cc b/fuzz/tls_server/fuzz_server.cc
@@ -66,10 +66,11 @@ int main()
 		RTLS_ERR("Failed to load sgx stub enclave\n");
 		return -1;
 	}
+	RTLS_ERR("load enclave ok \n");
 
 	unsigned long flags = 0;
 	flags |= RATS_TLS_CONF_FLAGS_SERVER;
-	flags |= RATS_TLS_CONF_FLAGS_MUTUAL;
+	// flags |= RATS_TLS_CONF_FLAGS_MUTUAL;
 
 	// TODO: add sgx_ecdsa type
 	rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO;

diff --git a/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc b/fuzz/tls_sgx_mode/fuzz_sgx_mode.cc
@@ -57,7 +57,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	}
 
 	FuzzedDataProvider fuzzed_data(data, size);
-	sgx_enclave_id_t enclave_id = load_enclave(fuzzed_data.ConsumeBool());
+	sgx_enclave_id_t enclave_id = load_enclave(false);
 	if (enclave_id == 0) {
 		RTLS_ERR("Failed to load sgx stub enclave\n");
 		return -1;
@@ -68,39 +68,43 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	uint32_t s_ip = inet_addr(FUZZ_IP);
 	uint16_t s_port = htons((uint16_t)FUZZ_PORT);
 
-	char *attester_type = (char *)malloc(20);
-	if (attester_type == NULL) {
-		return 0;
-	}
-	char *verifier_type = (char *)malloc(20);
-	if (verifier_type == NULL) {
-		return 0;
-	}
-	char *tls_type = (char *)malloc(20);
-	if (tls_type == NULL) {
-		return 0;
-	}
-	char *crypto_type = (char *)malloc(20);
-	if (crypto_type == NULL) {
-		return 0;
-	}
+	// char *attester_type = (char *)malloc(20);
+	// if (attester_type == NULL) {
+	// 	return 0;
+	// }
+	// char *verifier_type = (char *)malloc(20);
+	// if (verifier_type == NULL) {
+	// 	return 0;
+	// }
+	// char *tls_type = (char *)malloc(20);
+	// if (tls_type == NULL) {
+	// 	return 0;
+	// }
+	// char *crypto_type = (char *)malloc(20);
+	// if (crypto_type == NULL) {
+	// 	return 0;
+	// }
 
 
 	for (int i = 0; i < 9; i++) {
 		for (int j = 0; j < 10; j++) {
 			for (int k = 0; k < 4; k++) {
 				for (int l = 0; l < 4; l++) {
 					//TODO: other sgx type would support later
-					strcpy(attester_type, "sgx_la");
-					strcpy(verifier_type, "sgx_la");
-					strcpy(tls_type, "openssl");
-					strcpy(crypto_type, "openssl");
-
-					unsigned long flags = fuzzed_data.ConsumeIntegral<long>();
-					flags |= RATS_TLS_CONF_FLAGS_MUTUAL;
+					// strcpy(attester_type, "sgx_la");
+					// strcpy(verifier_type, "sgx_la");
+					// strcpy(tls_type, "openssl");
+					// strcpy(crypto_type, "openssl");
+					char *attester_type = "sgx_la";
+					char *verifier_type = "sgx_la";
+					char *tls_type = "openssl";
+					char *crypto_type = "openssl";
+
+					unsigned long flags = 0;
+					flags |= RATS_TLS_CONF_FLAGS_MUTUAL ;
 					int ret = 0;
-					rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO;
-
+					rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_DEBUG;
+				
 					int sgx_status = ecall_client_startup(
 						(sgx_enclave_id_t)enclave_id, &ret, log_level,
 						fuzz_conf_bytes, attester_type, verifier_type,
@@ -115,11 +119,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 		}
 	}
 	/*clean up*/
-	free(fuzz_conf_bytes);
-	free(attester_type);
-	free(verifier_type);
-	free(tls_type);
-	free(crypto_type);
+	// free(fuzz_conf_bytes);
+	// free(attester_type);
+	// free(verifier_type);
+	// free(tls_type);
+	// free(crypto_type);
 
 	return 0;
 }