fuzz/*: fuzz rats-tls APIs in sgx mode #184

Open
wants to merge 2 commits into
base: master
10 changes: 10 additions & 0 deletions cmake/CompilerOptions.cmake
@@ -12,6 +12,10 @@ else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2")
endif()

if((BUILD_FUZZ) AND (SGX))
string(REPLACE "-std=gnu11" "" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
endif()
Contributor


please remove this code to line 65


Contributor


if((BUILD_FUZZ) AND (SGX))

string(REPLACE "-std=gnu11" "" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
string(REPLACE "-std=c11" "" SGX_COMMON_FLAGS "${SGX_COMMON_FLAGS}")
string(REPLACE "-std=c++11" "" SGX_COMMON_CXXFLAGS "${SGX_COMMON_CXXFLAGS}")

# SGX mode
if(SGX)
if(SGX_HW)
@@ -58,6 +62,11 @@ if(SGX)

set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
if((BUILD_FUZZ) AND (SGX))
Contributor


Remove `AND (SGX)`, since `if(SGX)` is already on line 21.

string(REPLACE "-std=c11" "" SGX_COMMON_CFLAGS "${SGX_COMMON_CFLAGS}")
string(REPLACE "-Wunsuffixed-float-constants" "" SGX_COMMON_CFLAGS "${SGX_COMMON_CFLAGS}")
string(REPLACE "-std=c++11" "" SGX_COMMON_CXXFLAGS "${SGX_COMMON_CXXFLAGS}")
endif()

set(ENCLAVE_INCLUDES "${SGX_INCLUDE}" "${SGX_TLIBC_INCLUDE}" "${SGX_LIBCXX_INCLUDE}" "/usr/include")
set(ENCLAVE_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${ENCLAVE_COMMON_FLAGS}")
@@ -67,3 +76,4 @@ if(SGX)
set(APP_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${APP_COMMON_FLAGS}")
set(APP_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_COMMON_CXXFLAGS} ${APP_COMMON_FLAGS}")
endif()
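Review bot: The `if((BUILD_FUZZ) AND (SGX))` blocks strip `-std=gnu11`, `-std=c11`, `-std=c++11` and `-Wunsuffixed-float-constants` without saying why. `ENCLAVE_C_FLAGS` and `APP_C_FLAGS` are assembled from these variables right afterwards, so every SGX target in a fuzz build is compiled without the language-standard flags the normal build uses. Results from the fuzz build, including an absence of findings, may therefore not carry over exactly to the shipped enclave code. A comment above each block would record the intent, e.g. `# fuzz builds use clang, which rejects these GCC-specific flags; never applied to release builds` (wording to be confirmed by the author, since the compiler choice is made outside this file).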

11 changes: 8 additions & 3 deletions fuzz/CMakeLists.txt
@@ -1,4 +1,9 @@
add_subdirectory(tls_init)
add_subdirectory(tls_negotiate)
if(SGX)
add_subdirectory(tls_sgx_mode)
add_subdirectory(sgx-stub-enclave)
else()
add_subdirectory(tls_init)
add_subdirectory(tls_negotiate)
add_subdirectory(tls_transmit)
endif()
add_subdirectory(tls_server)
add_subdirectory(tls_transmit)
27 changes: 27 additions & 0 deletions fuzz/README.md
@@ -27,6 +27,20 @@ cmake -DRATS_TLS_BUILD_MODE="host" -DBUILD_SAMPLES=on -DBUILD_FUZZ=on -H. -Bbuil
make -C build install
```

For SGX mode, please run the following command.

```shell
cmake -DRATS_TLS_BUILD_MODE="sgx" -DBUILD_SAMPLES=off -DBUILD_FUZZ=on -H. -Bbuild
make -C build install
```

Attention! If you run fuzz host program before, you should clean the environment and vice versa.

```bash
make -C build clean # clean the environment
make -C build uninstall
```

# FUZZ

## rats_tls_init API
@@ -65,4 +79,17 @@ base64 /dev/urandom | head -c 1500000 > c1
cd ..
./fuzz_server &
./fuzz_transmit -max_len=1500000 -len_control=0 corpus # len_control=0 means try genarating input with size up to max_len
```

# FUZZ in SGX mode

We integrate the fuzz program for these apis into one program `fuzz_sgx_mode`, start the `fuzz_server` first, and then run `fuzz_sgx_mode` to start fuzz.

```shell
cd /usr/share/rats_tls/fuzz/
mkdir corpus && cd corpus # create corpus dir and fill in random string
base64 /dev/urandom | head -c 1500000 > c1
cd ..
./fuzz_server &
./fuzz_sgx_mode -max_len=1500000 -len_control=0 corpus
```
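--- a/fuzz/sgx-stub-enclave/CMakeLists.txt
+++ b/fuzz/sgx-stub-enclave/CMakeLists.txt
@@ -0,0 +1,83 @@
+# Project name
+project(sgx-stub-enclave CXX)
+
+set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
+set(CMAKE_CXX_FLAGS "-g ${CMAKE_CXX_FLAGS}")
+set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)
+
+if((BUILD_SAMPLES) OR (BUILD_FUZZ))
+set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+${CMAKE_CURRENT_SOURCE_DIR}/../../src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/include
+)
+
+set(LIBRARY_DIRS ${INTEL_SGXSSL_LIB_PATH}
+${LIBCBOR_LIB_PATH}
+${CMAKE_BINARY_DIR}/src
+${CMAKE_BINARY_DIR}/src/crypto_wrappers/nullcrypto
+${CMAKE_BINARY_DIR}/src/crypto_wrappers/openssl
+${CMAKE_BINARY_DIR}/src/tls_wrappers/nulltls
+${CMAKE_BINARY_DIR}/src/tls_wrappers/openssl
+${CMAKE_BINARY_DIR}/src/verifiers/nullverifier
+${CMAKE_BINARY_DIR}/src/verifiers/sgx-ecdsa-qve
+${CMAKE_BINARY_DIR}/src/verifiers/tdx-ecdsa
+${CMAKE_BINARY_DIR}/src/verifiers/sgx-la
+${CMAKE_BINARY_DIR}/src/attesters/nullattester
+${CMAKE_BINARY_DIR}/src/attesters/sgx-ecdsa
+${CMAKE_BINARY_DIR}/src/attesters/sgx-la
+)
+
+set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}
+${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
+)
+else()
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+include(CustomInstallDirs)
+include(FindRatsTls)
+if(NOT RATS_TLS_FOUND)
+message(FATAL_ERROR "Failed to find rats_tls!")
+endif()
+include(FindSGX)
+if(NOT SGX_FOUND)
+message(FATAL_ERROR "Failed to find sgx!")
+endif()
+include(CompilerOptions)
+include(SGXCommon)
+
+set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
+${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
+${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
+
+set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})
+
+set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
+endif()
+
+include_directories(${INCLUDE_DIRS})
+link_directories(${LIBRARY_DIRS})
+
+set(E_SRCS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_ecall.c)
+set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub.edl)
+set(LDS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_enclave.lds)
+set(DEPEND_TRUSTED_LIBS crypto_wrapper_nullcrypto
+crypto_wrapper_openssl
+tls_wrapper_nulltls
+tls_wrapper_openssl
+attester_nullattester
+attester_sgx_ecdsa
+attester_sgx_la
+verifier_nullverifier
+verifier_sgx_la
+verifier_sgx_ecdsa_qve
+verifier_tdx_ecdsa
+rats_tls
+cbor
+)
+
+add_enclave_library(sgx_stub_enclave SRCS ${E_SRCS} EDL ${EDLS} TRUSTED_LIBS ${DEPEND_TRUSTED_LIBS} EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS} LDSCRIPT ${LDS})
+enclave_sign(sgx_stub_enclave KEY sgx_stub_enclave.pem CONFIG sgx_stub_enclave.xml)
+add_dependencies(sgx_stub_enclave rats_tls)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/sgx_stub_enclave.signed.so
+DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH})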
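Review bot: `set(CMAKE_CXX_COMPILER "/usr/bin/clang++")` comes after `project(sgx-stub-enclave CXX)`, by which point CMake has already detected and cached a compiler. The override is therefore unreliable, and it pins an absolute path that may not exist on the build host; the fuzzing compiler is better chosen at configure time (`-DCMAKE_CXX_COMPILER=clang++` or a toolchain file) and this line dropped. `enclave_sign(... KEY sgx_stub_enclave.pem ...)` signs with a key file that appears to sit next to the sources, so a comment such as `# test-only signing key for the fuzz stub; never reuse for a production enclave` would make its status explicit. The install destination `/usr/share/rats-tls/fuzz` also differs from the `/usr/share/rats_tls/fuzz/` directory that the README hunk on this page tells users to `cd` into, and one of the two spellings should be corrected.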
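--- a/fuzz/sgx-stub-enclave/sgx_stub.edl
+++ b/fuzz/sgx-stub-enclave/sgx_stub.edl
@@ -0,0 +1,32 @@
+enclave {
+include "rats-tls/api.h"
+include "internal/core.h"
+include "sgx_eid.h"
+
+from "../../src/include/edl/rtls.edl" import *;
+from "sgx_tsgxssl.edl" import *;
+
+trusted {
+public int ecall_client_startup(
+rats_tls_log_level_t log_level,
+[in, out] char *fuzz_conf_bytes,
+[in, string] char *attester_type,
+[in, string] char *verifier_type,
+[in, string] char *tls_type,
+[in, string] char *crypto_type,
+unsigned long flags,
+uint32_t s_ip,
+uint16_t s_port
+);
+
+public int ecall_server_startup(
+rats_tls_log_level_t log_level,
+[in, string] char *attester_type,
+[in, string] char *verifier_type,
+[in, string] char *tls_type,
+[in, string] char *crypto_type,
+unsigned long flags,
+uint32_t s_ip,
+uint16_t s_port);
+};
+};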
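Review bot: `[in, out] char *fuzz_conf_bytes` in `ecall_client_startup` carries no `size`, `count` or `string` attribute, so the generated bridge copies only a single `char` into and out of the enclave. If the trusted side treats the pointer as a multi-byte fuzz buffer (the ecall body is not shown here), it would read past that one-byte copy inside the enclave. Passing the length explicitly bounds the copy: `[in, out, size=fuzz_conf_len] char *fuzz_conf_bytes, size_t fuzz_conf_len,`. The ecall should then check that length before parsing the bytes.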