-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathlibsrtp_fuzzer.cc
196 lines (172 loc) · 6.43 KB
/
libsrtp_fuzzer.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <algorithm>
#include <vector>
#include "third_party/libsrtp/include/srtp.h"
#include "third_party/libsrtp/include/srtp_priv.h"
#include "third_party/libsrtp/test/rtp.h"
// TODO(katrielc) Also test the authenticated path, which is what
// WebRTC uses. This is nontrivial because you need to bypass the MAC
// check. Two options: add a UNSAFE_FUZZER_MODE flag to libsrtp (or
// the chromium fork of it), or compute the HMAC of whatever gibberish
// the fuzzer produces and write it into the packet manually.
namespace LibSrtpFuzzer {
enum CryptoPolicy {
NONE,
LIKE_WEBRTC,
LIKE_WEBRTC_SHORT_AUTH,
LIKE_WEBRTC_WITHOUT_AUTH,
AES_128_GCM,
AES_256_GCM,
NUMBER_OF_POLICIES,
};
}
static size_t GetKeyLength(LibSrtpFuzzer::CryptoPolicy crypto_policy) {
switch (crypto_policy) {
case LibSrtpFuzzer::NUMBER_OF_POLICIES:
case LibSrtpFuzzer::NONE:
return 0;
case LibSrtpFuzzer::LIKE_WEBRTC:
case LibSrtpFuzzer::LIKE_WEBRTC_SHORT_AUTH:
case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
return SRTP_AES_ICM_128_KEY_LEN_WSALT;
case LibSrtpFuzzer::AES_128_GCM:
return SRTP_AES_GCM_128_KEY_LEN_WSALT;
case LibSrtpFuzzer::AES_256_GCM:
return SRTP_AES_GCM_256_KEY_LEN_WSALT;
}
}
struct Environment {
srtp_policy_t GetCryptoPolicy(LibSrtpFuzzer::CryptoPolicy crypto_policy,
const unsigned char* replacement_key,
size_t key_length) {
switch (crypto_policy) {
case LibSrtpFuzzer::NUMBER_OF_POLICIES:
case LibSrtpFuzzer::NONE:
srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtp);
srtp_crypto_policy_set_null_cipher_null_auth(&policy.rtcp);
break;
case LibSrtpFuzzer::LIKE_WEBRTC:
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
case LibSrtpFuzzer::LIKE_WEBRTC_SHORT_AUTH:
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtcp);
break;
case LibSrtpFuzzer::LIKE_WEBRTC_WITHOUT_AUTH:
srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtcp);
break;
case LibSrtpFuzzer::AES_128_GCM:
// There was a security bug in the GCM mode in libsrtp 1.5.2.
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
break;
case LibSrtpFuzzer::AES_256_GCM:
// WebRTC uses AES-256-GCM by default if GCM ciphers are enabled.
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
break;
}
assert(static_cast<size_t>(policy.rtp.cipher_key_len) == key_length);
assert(static_cast<size_t>(policy.rtcp.cipher_key_len) == key_length);
memcpy(key, replacement_key, key_length);
return policy;
}
Environment() {
srtp_init();
memset(&policy, 0, sizeof(policy));
policy.allow_repeat_tx = 1;
policy.ekt = nullptr;
policy.key = key;
policy.next = nullptr;
policy.ssrc.type = ssrc_any_inbound;
policy.ssrc.value = 0xdeadbeef;
policy.window_size = 1024;
}
private:
srtp_policy_t policy;
unsigned char key[SRTP_MAX_KEY_LEN] = {0};
static void srtp_crypto_policy_set_null_cipher_null_auth(
srtp_crypto_policy_t* p) {
p->cipher_type = SRTP_NULL_CIPHER;
p->cipher_key_len = 0;
p->auth_type = SRTP_NULL_AUTH;
p->auth_key_len = 0;
p->auth_tag_len = 0;
p->sec_serv = sec_serv_none;
}
};
size_t ReadLength(const uint8_t* data, size_t size) {
// Read one byte of input and interpret it as a length to read from
// data. Don't return more bytes than are available.
size_t n = static_cast<size_t>(data[0]);
return std::min(n, size - 1);
}
Environment* env = new Environment();
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
// Read one byte and use it to choose a crypto policy.
if (size <= 2 + SRTP_MAX_KEY_LEN)
return 0;
LibSrtpFuzzer::CryptoPolicy policy = static_cast<LibSrtpFuzzer::CryptoPolicy>(
data[0] % LibSrtpFuzzer::NUMBER_OF_POLICIES);
data += 1;
size -= 1;
// Read some more bytes to use as a key.
size_t key_length = GetKeyLength(policy);
srtp_policy_t srtp_policy = env->GetCryptoPolicy(policy, data, key_length);
data += SRTP_MAX_KEY_LEN;
size -= SRTP_MAX_KEY_LEN;
// Read one byte and use as number of encrypted header extensions.
uint8_t num_encrypted_headers = data[0];
data += 1;
size -= 1;
if (num_encrypted_headers > 0) {
// Use next bytes as extension ids.
if (size <= num_encrypted_headers)
return 0;
srtp_policy.enc_xtn_hdr_count = static_cast<int>(num_encrypted_headers);
srtp_policy.enc_xtn_hdr =
static_cast<int*>(malloc(srtp_policy.enc_xtn_hdr_count * sizeof(int)));
assert(srtp_policy.enc_xtn_hdr);
for (int i = 0; i < srtp_policy.enc_xtn_hdr_count; ++i) {
srtp_policy.enc_xtn_hdr[i] = static_cast<int>(data[i]);
}
data += srtp_policy.enc_xtn_hdr_count;
size -= srtp_policy.enc_xtn_hdr_count;
}
srtp_t session;
srtp_err_status_t error = srtp_create(&session, &srtp_policy);
free(srtp_policy.enc_xtn_hdr);
if (error != srtp_err_status_ok) {
assert(false);
return 0;
}
// Read one byte as a packet length N, then feed the next N bytes
// into srtp_unprotect. Keep going until we run out of data.
size_t packet_size;
while (size > 0 && (packet_size = ReadLength(data, size)) > 0) {
// One byte was used by ReadLength.
data++;
size--;
size_t header_size = std::min(sizeof(srtp_hdr_t), packet_size);
size_t body_size = packet_size - header_size;
// We deliberately do not initialise this struct. MSAN will catch
// usage of the uninitialised memory.
rtp_msg_t message;
memcpy(&message.header, data, header_size);
memcpy(&message.body, data + header_size, body_size);
int out_len = static_cast<int>(packet_size);
srtp_unprotect(session, &message, &out_len);
// |packet_size| bytes were used above.
data += packet_size;
size -= packet_size;
}
srtp_dealloc(session);
return 0;
}