mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-04 20:57:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

handshake fuzzer: fix setting of cipher suites (#4037)

Browse source
This commit is contained in:
Marten Seemann 2023-08-17 12:26:36 +07:00 committed by GitHub
parent 83c00a574d
commit 3822dae9bb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

44
fuzzing/handshake/fuzz.go
View file

@ -17,6 +17,7 @@ import (
"github.com/quic-go/quic-go/fuzzing/internal/helper" "github.com/quic-go/quic-go/fuzzing/internal/helper"
"github.com/quic-go/quic-go/internal/handshake" "github.com/quic-go/quic-go/internal/handshake"
"github.com/quic-go/quic-go/internal/protocol" "github.com/quic-go/quic-go/internal/protocol"
"github.com/quic-go/quic-go/internal/qtls"
"github.com/quic-go/quic-go/internal/utils" "github.com/quic-go/quic-go/internal/utils"
"github.com/quic-go/quic-go/internal/wire" "github.com/quic-go/quic-go/internal/wire"
) )
@ -84,33 +85,6 @@ func (m messageType) String() string {
} }
} }
func appendSuites(suites []uint16, rand uint8) []uint16 {
const (
s1 = tls.TLS_AES_128_GCM_SHA256
s2 = tls.TLS_AES_256_GCM_SHA384
s3 = tls.TLS_CHACHA20_POLY1305_SHA256
)
switch rand % 4 {
default:
return suites
case 1:
return append(suites, s1)
case 2:
return append(suites, s2)
case 3:
return append(suites, s3)
}
}
// consumes 2 bits
func getSuites(rand uint8) []uint16 {
suites := make([]uint16, 0, 3)
for i := 1; i <= 3; i++ {
suites = appendSuites(suites, rand>>i%4)
}
return suites
}
// consumes 3 bits // consumes 3 bits
func getClientAuth(rand uint8) tls.ClientAuthType { func getClientAuth(rand uint8) tls.ClientAuthType {
switch rand { switch rand {
@ -207,14 +181,26 @@ func runHandshake(runConfig [confLen]byte, messageConfig uint8, clientConf *tls.
SessionTicketKey: sessionTicketKey, SessionTicketKey: sessionTicketKey,
} }
// This sets the cipher suite for both client and server.
// The way crypto/tls is designed doesn't allow us to set different cipher suites for client and server.
resetCipherSuite := func() {}
switch (runConfig[0] >> 6) % 4 {
case 0:
resetCipherSuite = qtls.SetCipherSuite(tls.TLS_AES_128_GCM_SHA256)
case 1:
resetCipherSuite = qtls.SetCipherSuite(tls.TLS_AES_256_GCM_SHA384)
case 3:
resetCipherSuite = qtls.SetCipherSuite(tls.TLS_CHACHA20_POLY1305_SHA256)
default:
}
defer resetCipherSuite()
enable0RTTClient := helper.NthBit(runConfig[0], 0) enable0RTTClient := helper.NthBit(runConfig[0], 0)
enable0RTTServer := helper.NthBit(runConfig[0], 1) enable0RTTServer := helper.NthBit(runConfig[0], 1)
sendPostHandshakeMessageToClient := helper.NthBit(runConfig[0], 3) sendPostHandshakeMessageToClient := helper.NthBit(runConfig[0], 3)
sendPostHandshakeMessageToServer := helper.NthBit(runConfig[0], 4) sendPostHandshakeMessageToServer := helper.NthBit(runConfig[0], 4)
sendSessionTicket := helper.NthBit(runConfig[0], 5) sendSessionTicket := helper.NthBit(runConfig[0], 5)
clientConf.CipherSuites = getSuites(runConfig[0] >> 6)
serverConf.ClientAuth = getClientAuth(runConfig[1] & 0b00000111) serverConf.ClientAuth = getClientAuth(runConfig[1] & 0b00000111)
serverConf.CipherSuites = getSuites(runConfig[1] >> 6)
serverConf.SessionTicketsDisabled = helper.NthBit(runConfig[1], 3) serverConf.SessionTicketsDisabled = helper.NthBit(runConfig[1], 3)
if helper.NthBit(runConfig[2], 0) { if helper.NthBit(runConfig[2], 0) {
clientConf.RootCAs = x509.NewCertPool() clientConf.RootCAs = x509.NewCertPool()