From b3c28ef2ea863c52db8ba2c65eeb88e470abb108 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 3 Sep 2020 10:52:52 +0700 Subject: [PATCH] generate a self-signed certificate for the handshake fuzzer --- fuzzing/handshake/fuzz.go | 28 +++++++++++++++++++----- fuzzing/internal/helper/helper.go | 36 +++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 5 deletions(-) diff --git a/fuzzing/handshake/fuzz.go b/fuzzing/handshake/fuzz.go index 6ca208744..71d814218 100644 --- a/fuzzing/handshake/fuzz.go +++ b/fuzzing/handshake/fuzz.go @@ -1,17 +1,34 @@ package handshake import ( + "crypto/rand" + "crypto/rsa" "crypto/tls" + "crypto/x509" "fmt" + "log" "github.com/lucas-clemente/quic-go/fuzzing/internal/helper" "github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/testdata" "github.com/lucas-clemente/quic-go/internal/utils" "github.com/lucas-clemente/quic-go/internal/wire" ) +var cert *tls.Certificate +var certPool *x509.CertPool + +func init() { + priv, err := rsa.GenerateKey(rand.Reader, 1024) + if err != nil { + log.Fatal(err) + } + cert, certPool, err = helper.GenerateCertificate(priv) + if err != nil { + log.Fatal(err) + } +} + type messageType uint8 // TLS handshake message types. @@ -137,7 +154,7 @@ func Fuzz(data []byte) int { clientConf := &tls.Config{ ServerName: "localhost", NextProtos: []string{alpn}, - RootCAs: testdata.GetRootCA(), + RootCAs: certPool, } if useSessionTicketCache { clientConf.ClientSessionCache = tls.NewLRUClientSessionCache(5) @@ -161,8 +178,6 @@ func Fuzz(data []byte) int { ) sChunkChan, sInitialStream, sHandshakeStream := initStreams() - config := testdata.GetTLSConfig() - config.NextProtos = []string{alpn} serverRunner := newRunner(&client, &server, "server") server = handshake.NewCryptoSetupServer( sInitialStream, @@ -172,7 +187,10 @@ func Fuzz(data []byte) int { nil, &wire.TransportParameters{}, serverRunner, - config, + &tls.Config{ + Certificates: []tls.Certificate{*cert}, + NextProtos: []string{alpn}, + }, enable0RTTServer, utils.NewRTTStats(), nil, diff --git a/fuzzing/internal/helper/helper.go b/fuzzing/internal/helper/helper.go index 1513c3fa0..b4a4ed328 100644 --- a/fuzzing/internal/helper/helper.go +++ b/fuzzing/internal/helper/helper.go @@ -1,11 +1,18 @@ package helper import ( + "crypto" + "crypto/rand" "crypto/sha1" + "crypto/tls" + "crypto/x509" + "crypto/x509/pkix" "encoding/hex" "io/ioutil" + "math/big" "os" "path/filepath" + "time" ) // NthBit gets the n-th bit of a byte (counting starts at 0). @@ -35,3 +42,32 @@ func WriteCorpusFile(path string, data []byte) error { func WriteCorpusFileWithPrefix(path string, data []byte, n int) error { return WriteCorpusFile(path, append(make([]byte, n), data...)) } + +// GenerateCertificate generates a self-signed certificate. +// It returns the certificate and a x509.CertPool containing that certificate. +func GenerateCertificate(priv crypto.Signer) (*tls.Certificate, *x509.CertPool, error) { + template := x509.Certificate{ + SerialNumber: big.NewInt(1), + Subject: pkix.Name{Organization: []string{"quic-go fuzzer"}}, + NotBefore: time.Now().Add(-24 * time.Hour), + NotAfter: time.Now().Add(30 * 24 * time.Hour), + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + DNSNames: []string{"localhost"}, + BasicConstraintsValid: true, + } + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, priv.Public(), priv) + if err != nil { + return nil, nil, err + } + cert, err := x509.ParseCertificate(derBytes) + if err != nil { + return nil, nil, err + } + certPool := x509.NewCertPool() + certPool.AddCert(cert) + return &tls.Certificate{ + Certificate: [][]byte{derBytes}, + PrivateKey: priv, + }, certPool, nil +}