fuzztruction · fraglantia · May 22, 2025
diff --git a/comparison-with-state-of-the-art/binaries/networked/tinydtls/config.sh b/comparison-with-state-of-the-art/binaries/networked/tinydtls/config.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+set -eu
+
+function build_generator {
+    rm -rf generator
+    cp -r src generator
+    cd generator
+
+    export FT_HOOK_INS=branch,store,select,switch
+    export FT_CALL_INJECTION=1
+    export CC=/home/user/fuzztruction/generator/pass/fuzztruction-source-clang-fast
+    export CXX=/home/user/fuzztruction/generator/pass/fuzztruction-source-clang-fast++
+
+    export CFLAGS="-DFT_FUZZING -DNDEBUG -DFT_GENERATOR"
+    export CXXFLAGS="-DFT_FUZZING -DNDEBUG -DFT_GENERATOR"
+
+    cd tests
+    make clean
+    make ../libtinydtls.a
+    make
+    cd ..
+}
+
+function build_consumer {
+    mkdir -p consumer
+    rm -rf consumer
+    cp -r src consumer
+
+    pushd consumer > /dev/null
+    export AFL_LLVM_LAF_SPLIT_SWITCHES=1
+    export AFL_LLVM_LAF_TRANSFORM_COMPARES=1
+    export AFL_LLVM_LAF_SPLIT_COMPARES=1
+
+    export CC=afl-clang-fast
+    export CXX=afl-clang-fast++
+    export CFLAGS="-g -fsanitize=address -O3 -DFT_FUZZING -DFT_CONSUMER"
+    export CXXFLAGS="-g -fsanitize=address -O3 -DFT_FUZZING -DFT_CONSUMER"
+    export LDFLAGS="-fsanitize=address"
+
+    cd tests
+    make clean
+    make ../libtinydtls.a
+    make
+
+    cd ..
+
+    popd > /dev/null
+}
+
+function build_consumer_llvm_cov {
+    rm -rf consumer_llvm_cov
+    cp -r src consumer_llvm_cov
+    cd consumer_llvm_cov
+
+    export AFL_LLVM_LAF_SPLIT_SWITCHES=1
+    export AFL_LLVM_LAF_TRANSFORM_COMPARES=1
+    export AFL_LLVM_LAF_SPLIT_COMPARES=1
+
+    export CC=afl-clang-fast
+    export CXX=afl-clang-fast++
+    export CFLAGS="-g -O0 -fsanitize=address -DFT_FUZZING -DFT_CONSUMER -fprofile-instr-generate -fcoverage-mapping"
+    export CXXFLAGS="-g -O0  -fsanitize=address -DFT_FUZZING -DFT_CONSUMER -fprofile-instr-generate -fcoverage-mapping"
+    export LDFLAGS="-fsanitize=address -fprofile-instr-generate -fcoverage-mapping"
+
+    cd tests
+    make clean
+    make ../libtinydtls.a
+    make
+    cd ..
+}
+
+function build_consumer_afl_net {
+    echo "TBA"
+}
+
+function build_consumer_stateafl {
+    echo "TBA"
+}
+
+
+function build_consumer_sgfuzz {
+    echo "TBA"
+}
+
+function install_dependencies {
+    echo "No dependencies"
+}
+
+function get_source {
+    if [[ ! -d "src" ]]; then
+        git clone https://github.com/assist-project/tinydtls-fuzz.git src
+    fi
+    cd src
+    git checkout 06995d4
+}
diff --git a/comparison-with-state-of-the-art/configurations/networked/tinydtls/dtlsclient_dtlsserver.yml b/comparison-with-state-of-the-art/configurations/networked/tinydtls/dtlsclient_dtlsserver.yml
@@ -0,0 +1,42 @@
+# Directory in that all files that belong to the fuzzing campaign are stored.
+work-directory: "/tmp/dtlsclient-dtlsserver-1"
+# Not used for Fuzztruction-Net.
+input-directory: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/configurations/networked/no-inputs"
+# UID/GID the weird peer's privileges are dropped to.
+jail-uid: 606400022
+jail-gid: 606400022
+
+# The program that is acting as the weird peer.
+source:
+    # The binary that has to be instrumented with our custom compiler.
+    # See comparison-with-state-of-the-art/binaries/networked/dropbear/config.sh for how the binary has been build.
+    bin-path: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/binaries/networked/tinydtls/generator/tests/dtls-client"
+    arguments: ["-i", "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt", "-k", "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt", "127.0.0.1", "20220"]
+    input-type: udp
+    output-type: udp
+    is-server: false
+    log-stdout: false
+    log-stderr: false
+
+# The program that is actually fuzzed.
+sink:
+    # The target binary that has to be compiled with our custom AFL++ version.
+    # See comparison-with-state-of-the-art/binaries/networked/dropbear/config.sh for how the binary has been build.
+    bin-path: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/binaries/networked/tinydtls/consumer/tests/dtls-server"
+    arguments: []
+    input-type: udp
+    output-type: udp
+    is-server: true
+    server-port: "20220"
+    log-stdout: false
+    log-stderr: false
+    allow-unstable-sink: true
+
+# Binary used for coverage computation.
+sink-cov:
+    # See comparison-with-state-of-the-art/binaries/networked/dropbear/config.sh for how the binary has been build.
+    bin-path: "/home/user/fuzztruction/fuzztruction-experiments/comparison-with-state-of-the-art/binaries/networked/tinydtls/consumer_llvm_cov/tests/dtls-server"
+
+# Unused.
+vanilla:
+    bin-path: "/usr/bin/true"
diff --git a/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt b/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-identity.txt
@@ -0,0 +1 @@
+Client_identity
diff --git a/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt b/comparison-with-state-of-the-art/configurations/networked/tinydtls/psk-key.txt
@@ -0,0 +1 @@
+secretPSK