diff --git a/comparison-with-state-of-the-art/binaries/networked/tinydtls/config.sh b/comparison-with-state-of-the-art/binaries/networked/tinydtls/config.sh
new file mode 100644
index 0000000..194e701
--- /dev/null
+++ b/comparison-with-state-of-the-art/binaries/networked/tinydtls/config.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+set -eu
+
+function build_generator {
+ rm -rf generator
+ cp -r src generator
+ cd generator
+
+ export FT_HOOK_INS=branch,store,select,switch
+ export FT_CALL_INJECTION=1
+ export CC=/home/user/fuzztruction/generator/pass/fuzztruction-source-clang-fast
+ export CXX=/home/user/fuzztruction/generator/pass/fuzztruction-source-clang-fast++
+
+ export CFLAGS="-DFT_FUZZING -DNDEBUG -DFT_GENERATOR"
+ export CXXFLAGS="-DFT_FUZZING -DNDEBUG -DFT_GENERATOR"
+
+ cd tests
+ make clean
+ make ../libtinydtls.a
+ make
+ cd ..
+}
+
+function build_consumer {
+ mkdir -p consumer
+ rm -rf consumer
+ cp -r src consumer
+
+ pushd consumer > /dev/null
+ export AFL_LLVM_LAF_SPLIT_SWITCHES=1
+ export AFL_LLVM_LAF_TRANSFORM_COMPARES=1
+ export AFL_LLVM_LAF_SPLIT_COMPARES=1
+
+ export CC=afl-clang-fast
+ export CXX=afl-clang-fast++
+ export CFLAGS="-g -fsanitize=address -O3 -DFT_FUZZING -DFT_CONSUMER"
+ export CXXFLAGS="-g -fsanitize=address -O3 -DFT_FUZZING -DFT_CONSUMER"
+ export LDFLAGS="-fsanitize=address"
+
+ cd tests
+ make clean
+ make ../libtinydtls.a
+ make
+
+ cd ..
+
+ popd > /dev/null
+}
+
+function build_consumer_llvm_cov {
+ rm -rf consumer_llvm_cov
+ cp -r src consumer_llvm_cov
+ cd consumer_llvm_cov
+
+ export AFL_LLVM_LAF_SPLIT_SWITCHES=1
+ export AFL_LLVM_LAF_TRANSFORM_COMPARES=1
+ export AFL_LLVM_LAF_SPLIT_COMPARES=1
+
+ export CC=afl-clang-fast
+ export CXX=afl-clang-fast++
+ export CFLAGS="-g -O0 -fsanitize=address -DFT_FUZZING -DFT_CONSUMER -fprofile-instr-generate -fcoverage-mapping"
+ export CXXFLAGS="-g -O0 -fsanitize=address -DFT_FUZZING -DFT_CONSUMER -fprofile-instr-generate -fcoverage-mapping"
+ export LDFLAGS="-fsanitize=address -fprofile-instr-generate -fcoverage-mapping"
+
+ cd tests
+ make clean
+ make ../libtinydtls.a
+ make
+ cd ..
+}
+
+function build_consumer_afl_net {
+ echo "TBA"
+}
+
+function build_consumer_stateafl {
+ echo "TBA"
+}
+
+
+function build_consumer_sgfuzz {
+ echo "TBA"
+}
+
+function install_dependencies {
+ echo "No dependencies"
+}
+
+function get_source {
+ if [[ ! -d "src" ]]; then
+ git clone https://github.com/assist-project/tinydtls-fuzz.git src
+ fi
+ cd src
+ git checkout 06995d4
+}
diff --git a/comparison-with-state-of-the-art/configurations/networked/tinydtls/dtlsclient_dtlsserver.yml b/comparison-with-state-of-the-art/configurations/networked/tinydtls/dtlsclient_dtlsserver.yml
new file mode 100644
index 0000000..9a61e13
--- /dev/null
+++ b/comparison-with-state-of-the-art/configurations/networked/tinydtls/dtlsclient_dtlsserver.yml
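Review bot: In config.sh, `get_source` pins the tinydtls-fuzz checkout with the abbreviated id `06995d4`, which git resolves by prefix and which can become ambiguous as the upstream repository grows; since the sources are fetched at build time, pin the full 40-character commit id instead, e.g. `git checkout <FULL_40_CHAR_COMMIT_ID>` (placeholder for the full id behind `06995d4`). Separately, `build_generator` and `build_consumer_llvm_cov` return while still inside their build directory (`cd generator` … `cd tests` … `cd ..`) and `get_source` returns inside `src`, whereas `build_consumer` uses `pushd`/`popd`; if the caller runs several of these functions in one shell rather than a subshell each, which this hunk does not show, the next `cp -r src …` resolves against the wrong directory and the exported `CFLAGS`/`LDFLAGS` of one build carry into the next. Using `pushd`/`popd` or a `( … )` function body consistently avoids both, and the `mkdir -p consumer` directly before `rm -rf consumer` can be dropped.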
@@ -0,0 +1,42 @@
+# Directory in that all files that belong to the fuzzing campaign are stored.
+work-directory: "/tmp/dtlsclient-dtlsserver-1"
+# Not used for Fuzztruction-Net.
+input-directory: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/configurations/networked/no-inputs"
+# UID/GID the weird peer's privileges are dropped to.
+jail-uid: 606400022
+jail-gid: 606400022
+
+# The program that is acting as the weird peer.
+source:
+ # The binary that has to be instrumented with our custom compiler.
+ # See comparison-with-state-of-the-art/binaries/networked/dropbear/config.sh for how the binary has been build.
+ bin-path: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/binaries/networked/tinydtls/generator/tests/dtls-client"
+ arguments: ["-i", "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt", "-k", "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt", "127.0.0.1", "20220"]
+ input-type: udp
+ output-type: udp
+ is-server: false
+ log-stdout: false
+ log-stderr: false
+
+# The program that is actually fuzzed.
+sink:
+ # The target binary that has to be compiled with our custom AFL++ version.
+ # See comparison-with-state-of-the-art/binaries/networked/dropbear/config.sh for how the binary has been build.
+ bin-path: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/binaries/networked/tinydtls/consumer/tests/dtls-server"
+ arguments: []
+ input-type: udp
+ output-type: udp
+ is-server: true
+ server-port: "20220"
+ log-stdout: false
+ log-stderr: false
+ allow-unstable-sink: true
+
+# Binary used for coverage computation.
+sink-cov:
+ # See comparison-with-state-of-the-art/binaries/networked/dropbear/config.sh for how the binary has been build.
+ bin-path: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/binaries/networked/tinydtls/consumer_llvm_cov/tests/dtls-server"
+
+# Unused.
+vanilla:
+ bin-path: "/usr/bin/true"
diff --git a/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt b/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt
new file mode 100644
index 0000000..7b1a44d
--- /dev/null
+++ b/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt
@@ -0,0 +1 @@
+Client_identity
diff --git a/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt b/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt
new file mode 100644
index 0000000..b3a5b8c
--- /dev/null
+++ b/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt
@@ -0,0 +1 @@
+secretPSK
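Review bot: In dtlsclient_dtlsserver.yml the three `# See …/dropbear/config.sh for how the binary has been build.` comments (under `source`, `sink` and `sink-cov`) point at the dropbear build script, while the binaries referenced here are built by the `tinydtls/config.sh` added in this commit; they should read `# See comparison-with-state-of-the-art/binaries/networked/tinydtls/config.sh for how the binary has been built.` `work-directory` is a fixed name under `/tmp`, so on a host shared with other users the path can be created in advance by someone else; a per-run directory (for example one made with `mktemp -d`) or a path under the campaign user's home is safer, unless the campaign always runs in a dedicated container, which this hunk does not show. A short comment on `allow-unstable-sink: true` saying why instability is tolerated for dtls-server would help whoever reuses this file, and since port `20220` appears both in the client `arguments` and in `server-port`, a comment that the two must match is worth adding.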