Skip to content

Commit

Permalink
wip mki in policy
Browse files Browse the repository at this point in the history
  • Loading branch information
pabuhler committed Jan 31, 2024
1 parent 7bd4598 commit f2be1c5
Show file tree
Hide file tree
Showing 8 changed files with 504 additions and 737 deletions.
83 changes: 8 additions & 75 deletions fuzzer/fuzzer.c
Original file line number Diff line number Diff line change
Expand Up @@ -185,16 +185,14 @@ void fuzz_free(void *ptr)
static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_protect(srtp_sender, hdr, len);
return srtp_protect(srtp_sender, hdr, len, mki);
}

static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_unprotect(srtp_sender, hdr, len);
Expand All @@ -203,91 +201,34 @@ static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender,
static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_protect_rtcp(srtp_sender, hdr, len);
return srtp_protect_rtcp(srtp_sender, hdr, len, mki);
}

static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_unprotect_rtcp(srtp_sender, hdr, len);
}

static srtp_err_status_t fuzz_srtp_protect_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_protect_mki(srtp_sender, hdr, len, use_mki, mki);
}

static srtp_err_status_t fuzz_srtp_protect_rtcp_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_protect_rtcp_mki(srtp_sender, hdr, len, use_mki, mki);
}

static srtp_err_status_t fuzz_srtp_unprotect_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
}

static srtp_err_status_t fuzz_srtp_unprotect_rtcp_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki)
{
return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
}

/* Get protect length functions */

static srtp_err_status_t fuzz_srtp_get_protect_length(const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length)
{
return srtp_get_protect_trailer_length(srtp_ctx, 0, 0, length);
return srtp_get_protect_trailer_length(srtp_ctx, mki, length);
}

static srtp_err_status_t fuzz_srtp_get_protect_rtcp_length(
const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length)
{
return srtp_get_protect_rtcp_trailer_length(srtp_ctx, 0, 0, length);
}

static srtp_err_status_t fuzz_srtp_get_protect_mki_length(const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length)
{
return srtp_get_protect_trailer_length(srtp_ctx, use_mki, mki, length);
}

static srtp_err_status_t fuzz_srtp_get_protect_rtcp_mki_length(
const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length)
{
return srtp_get_protect_rtcp_trailer_length(srtp_ctx, use_mki, mki, length);
return srtp_get_protect_rtcp_trailer_length(srtp_ctx, mki, length);
}

static uint8_t *extract_key(const uint8_t **data,
Expand Down Expand Up @@ -611,21 +552,18 @@ static uint8_t *run_srtp_func(const srtp_t srtp_ctx,
struct {
uint16_t size;
uint8_t srtp_func;
uint8_t use_mki;
uint32_t mki;
uint8_t stretch;
} params_1;

struct {
uint8_t srtp_func;
uint8_t use_mki;
uint32_t mki;
} params_2;
size_t ret_size;

EXTRACT_IF(&params_1, *data, *size, sizeof(params_1));
params_1.srtp_func %= sizeof(srtp_funcs) / sizeof(srtp_funcs[0]);
params_1.use_mki %= 2;

if (*size < params_1.size) {
goto end;
Expand All @@ -647,8 +585,7 @@ static uint8_t *run_srtp_func(const srtp_t srtp_ctx,
size_t alloc_size;

if (srtp_funcs[params_1.srtp_func].get_length(
srtp_ctx, params_1.use_mki, params_1.mki, &alloc_size) !=
srtp_err_status_ok) {
srtp_ctx, params_1.mki, &alloc_size) != srtp_err_status_ok) {
goto end;
}

Expand All @@ -660,8 +597,7 @@ static uint8_t *run_srtp_func(const srtp_t srtp_ctx,
EXTRACT(copy, *data, *size, params_1.size);

if (srtp_funcs[params_1.srtp_func].srtp_func(
srtp_ctx, copy, &ret_size, params_1.use_mki, params_1.mki) !=
srtp_err_status_ok) {
srtp_ctx, copy, &ret_size, params_1.mki) != srtp_err_status_ok) {
fuzz_free(copy);
goto end;
}
Expand All @@ -673,7 +609,6 @@ static uint8_t *run_srtp_func(const srtp_t srtp_ctx,

EXTRACT_IF(&params_2, *data, *size, sizeof(params_2));
params_2.srtp_func %= sizeof(srtp_funcs) / sizeof(srtp_funcs[0]);
params_2.use_mki %= 2;

if (ret_size == 0) {
goto end;
Expand All @@ -685,8 +620,7 @@ static uint8_t *run_srtp_func(const srtp_t srtp_ctx,
size_t alloc_size;

if (srtp_funcs[params_2.srtp_func].get_length(
srtp_ctx, params_2.use_mki, params_2.mki, &alloc_size) !=
srtp_err_status_ok) {
srtp_ctx, params_2.mki, &alloc_size) != srtp_err_status_ok) {
goto end;
}

Expand All @@ -700,8 +634,7 @@ static uint8_t *run_srtp_func(const srtp_t srtp_ctx,
copy = copy_2;

if (srtp_funcs[params_2.srtp_func].srtp_func(
srtp_ctx, copy, &ret_size, params_2.use_mki, params_2.mki) !=
srtp_err_status_ok) {
srtp_ctx, copy, &ret_size, params_2.mki) != srtp_err_status_ok) {
fuzz_free(copy);
ret = NULL;
goto end;
Expand Down
45 changes: 2 additions & 43 deletions fuzzer/fuzzer.h
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,9 @@
#error "Cannot detect word size"
#endif

typedef srtp_err_status_t (
*fuzz_srtp_func)(srtp_t, void *, size_t *, uint8_t, size_t);
typedef srtp_err_status_t (*fuzz_srtp_func)(srtp_t, void *, size_t *, size_t);
typedef void (*fuzz_srtp_crypto_policy_func)(srtp_crypto_policy_t *);
typedef srtp_err_status_t (*fuzz_srtp_get_length_func)(const srtp_t,
uint8_t,
size_t,
size_t *);

Expand All @@ -45,60 +43,25 @@ struct fuzz_srtp_params {
static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_protect_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_protect_rtcp_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_unprotect_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);
static srtp_err_status_t fuzz_srtp_unprotect_rtcp_mki(srtp_t srtp_sender,
void *hdr,
size_t *len,
uint8_t use_mki,
size_t mki);

static srtp_err_status_t fuzz_srtp_get_protect_length(const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length);
static srtp_err_status_t fuzz_srtp_get_protect_mki_length(const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length);
static srtp_err_status_t fuzz_srtp_get_protect_rtcp_length(
const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length);
static srtp_err_status_t fuzz_srtp_get_protect_rtcp_mki_length(
const srtp_t srtp_ctx,
uint8_t use_mki,
size_t mki,
size_t *length);

Expand All @@ -112,11 +75,7 @@ const struct fuzz_srtp_func_ext srtp_funcs[] = {
{ fuzz_srtp_protect, true, fuzz_srtp_get_protect_length },
{ fuzz_srtp_unprotect, false, NULL },
{ fuzz_srtp_protect_rtcp, true, fuzz_srtp_get_protect_rtcp_length },
{ fuzz_srtp_unprotect_rtcp, false, NULL },
{ fuzz_srtp_protect_mki, true, fuzz_srtp_get_protect_mki_length },
{ fuzz_srtp_unprotect_mki, false, NULL },
{ fuzz_srtp_protect_rtcp_mki, true, fuzz_srtp_get_protect_rtcp_mki_length },
{ fuzz_srtp_unprotect_rtcp_mki, false, NULL }
{ fuzz_srtp_unprotect_rtcp, false, NULL }
};

struct fuzz_srtp_crypto_policy_func_ext {
Expand Down
Loading

0 comments on commit f2be1c5

Please sign in to comment.