Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(794)

Side by Side Diff: testing/libfuzzer/fuzzers/libsrtp_fuzzer.cc

Issue 2419733003: Revert of Upgrade libsrtp to version 2.0 (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « DEPS ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <assert.h> 5 #include <assert.h>
6 #include <netinet/in.h>
7 #include <stddef.h> 6 #include <stddef.h>
8 #include <stdint.h> 7 #include <stdint.h>
9 8
10 #include <algorithm> 9 #include <algorithm>
11 #include <vector> 10 #include <vector>
12 11
13 #include "third_party/libsrtp/include/rtp.h" 12 #include "third_party/libsrtp/srtp/include/rtp.h"
14 #include "third_party/libsrtp/include/rtp_priv.h" 13 #include "third_party/libsrtp/srtp/include/rtp_priv.h"
15 #include "third_party/libsrtp/include/srtp.h" 14 #include "third_party/libsrtp/srtp/include/srtp.h"
16 15
17 // TODO(katrielc) Also test the authenticated path, which is what 16 // TODO(katrielc) Also test the authenticated path, which is what
18 // WebRTC uses. This is nontrivial because you need to bypass the MAC 17 // WebRTC uses. This is nontrivial because you need to bypass the MAC
19 // check. Two options: add a UNSAFE_FUZZER_MODE flag to libsrtp (or 18 // check. Two options: add a UNSAFE_FUZZER_MODE flag to libsrtp (or
20 // the chromium fork of it), or compute the HMAC of whatever gibberish 19 // the chromium fork of it), or compute the HMAC of whatever gibberish
21 // the fuzzer produces and write it into the packet manually. 20 // the fuzzer produces and write it into the packet manually.
22 21
23 namespace LibSrtpFuzzer { 22 namespace LibSrtpFuzzer {
24 enum CryptoPolicy { 23 enum CryptoPolicy {
25 NONE, 24 NONE,
26 LIKE_WEBRTC, 25 LIKE_WEBRTC,
27 LIKE_WEBRTC_WITHOUT_AUTH, 26 LIKE_WEBRTC_WITHOUT_AUTH,
28 AES_GCM, 27 AES_GCM,
29 NUMBER_OF_POLICIES, 28 NUMBER_OF_POLICIES,
30 }; 29 };
31 } 30 }
32 31
33 struct Environment { 32 struct Environment {
34 srtp_policy_t GetCryptoPolicy(LibSrtpFuzzer::CryptoPolicy crypto_policy, 33 srtp_policy_t GetCryptoPolicy(LibSrtpFuzzer::CryptoPolicy crypto_policy,
35 const unsigned char* replacement_key) { 34 const unsigned char* replacement_key) {
36 switch (crypto_policy) { 35 switch (crypto_policy) {
37 case LibSrtpFuzzer::NUMBER_OF_POLICIES: 36 case LibSrtpFuzzer::NUMBER_OF_POLICIES:
38 case LibSrtpFuzzer::NONE: 37 case LibSrtpFuzzer::NONE:
39 srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtp); 38 crypto_policy_set_null_cipher_null_auth(&policy.rtp);
40 srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtcp); 39 crypto_policy_set_null_cipher_null_auth(&policy.rtcp);
41 break; 40 break;
42 case LibSrtpFuzzer::LIKE_WEBRTC: 41 case LibSrtpFuzzer::LIKE_WEBRTC:
43 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); 42 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
44 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); 43 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
45 break; 44 break;
46 case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH: 45 case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
47 srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); 46 crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
48 srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtcp); 47 crypto_policy_set_aes_cm_128_null_auth(&policy.rtcp);
49 break; 48 break;
50 case LibSrtpFuzzer::AES_GCM: 49 case LibSrtpFuzzer::AES_GCM:
51 // There was a security bug in the GCM mode in libsrtp 1.5.2. 50 // There was a security bug in the GCM mode in libsrtp 1.5.2.
52 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); 51 crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
53 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); 52 crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
54 break; 53 break;
55 } 54 }
56 55
57 memcpy(key, replacement_key, SRTP_MASTER_KEY_LEN); 56 memcpy(key, replacement_key, SRTP_MASTER_KEY_LEN);
58 return policy; 57 return policy;
59 }; 58 };
60 59
61 Environment() { 60 Environment() {
62 srtp_init(); 61 srtp_init();
63 62
64 memset(&policy, 0, sizeof(policy)); 63 memset(&policy, 0, sizeof(policy));
65 policy.allow_repeat_tx = 1; 64 policy.allow_repeat_tx = 1;
66 policy.ekt = nullptr; 65 policy.ekt = nullptr;
67 policy.key = key; 66 policy.key = key;
68 policy.next = nullptr; 67 policy.next = nullptr;
69 policy.ssrc.type = ssrc_any_inbound; 68 policy.ssrc.type = ssrc_any_inbound;
70 policy.ssrc.value = 0xdeadbeef; 69 policy.ssrc.value = 0xdeadbeef;
71 policy.window_size = 1024; 70 policy.window_size = 1024;
72 } 71 }
73 72
74 private: 73 private:
75 srtp_policy_t policy; 74 srtp_policy_t policy;
76 unsigned char key[SRTP_MASTER_KEY_LEN] = {0}; 75 unsigned char key[SRTP_MASTER_KEY_LEN] = {0};
77 76
78 static void srtp_crypto_policy_set_null_cipher_null_auth( 77 static void crypto_policy_set_null_cipher_null_auth(crypto_policy_t* p) {
79 srtp_crypto_policy_t* p) { 78 p->cipher_type = NULL_CIPHER;
80 p->cipher_type = SRTP_NULL_CIPHER;
81 p->cipher_key_len = 0; 79 p->cipher_key_len = 0;
82 p->auth_type = SRTP_NULL_AUTH; 80 p->auth_type = NULL_AUTH;
83 p->auth_key_len = 0; 81 p->auth_key_len = 0;
84 p->auth_tag_len = 0; 82 p->auth_tag_len = 0;
85 p->sec_serv = sec_serv_none; 83 p->sec_serv = sec_serv_none;
86 }; 84 };
87 }; 85 };
88 86
89 size_t ReadLength(const uint8_t* data, size_t size) { 87 size_t ReadLength(const uint8_t* data, size_t size) {
90 // Read one byte of input and interpret it as a length to read from 88 // Read one byte of input and interpret it as a length to read from
91 // data. Don't return more bytes than are available. 89 // data. Don't return more bytes than are available.
92 size_t n = static_cast<size_t>(data[0]); 90 size_t n = static_cast<size_t>(data[0]);
(...skipping 12 matching lines...) Expand all
105 size -= 1; 103 size -= 1;
106 104
107 // Read some more bytes to use as a key. 105 // Read some more bytes to use as a key.
108 if (size <= SRTP_MASTER_KEY_LEN) 106 if (size <= SRTP_MASTER_KEY_LEN)
109 return 0; 107 return 0;
110 srtp_policy_t srtp_policy = env->GetCryptoPolicy(policy, data); 108 srtp_policy_t srtp_policy = env->GetCryptoPolicy(policy, data);
111 data += SRTP_MASTER_KEY_LEN; 109 data += SRTP_MASTER_KEY_LEN;
112 size -= SRTP_MASTER_KEY_LEN; 110 size -= SRTP_MASTER_KEY_LEN;
113 111
114 srtp_t session; 112 srtp_t session;
115 srtp_err_status_t error = srtp_create(&session, &srtp_policy); 113 err_status_t error = srtp_create(&session, &srtp_policy);
116 if (error != srtp_err_status_ok) { 114 if (error != err_status_ok) {
117 assert(false); 115 assert(false);
118 return 0; 116 return 0;
119 } 117 }
120 118
121 // Read one byte as a packet length N, then feed the next N bytes 119 // Read one byte as a packet length N, then feed the next N bytes
122 // into srtp_unprotect. Keep going until we run out of data. 120 // into srtp_unprotect. Keep going until we run out of data.
123 size_t packet_size; 121 size_t packet_size;
124 while (size > 0 && (packet_size = ReadLength(data, size)) > 0) { 122 while (size > 0 && (packet_size = ReadLength(data, size)) > 0) {
125 // One byte was used by ReadLength. 123 // One byte was used by ReadLength.
126 data++; 124 data++;
(...skipping 12 matching lines...) Expand all
139 srtp_unprotect(session, &message, &out_len); 137 srtp_unprotect(session, &message, &out_len);
140 138
141 // |packet_size| bytes were used above. 139 // |packet_size| bytes were used above.
142 data += packet_size; 140 data += packet_size;
143 size -= packet_size; 141 size -= packet_size;
144 } 142 }
145 143
146 srtp_dealloc(session); 144 srtp_dealloc(session);
147 return 0; 145 return 0;
148 } 146 }
OLDNEW
« no previous file with comments | « DEPS ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698