Mercurial > dropbear
annotate fuzz/fuzzer-verify.c @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | d5680e12ac33 |
children |
rev | line source |
---|---|
1380 | 1 #include "fuzz.h" |
2 #include "session.h" | |
3 #include "fuzz-wrapfd.h" | |
4 #include "debug.h" | |
1688
e01f9ec6d177
Fix untested rsa-sha256 change to fuzzer-verify
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
5 #include "dss.h" |
1380 | 6 |
7 static void setup_fuzzer(void) { | |
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1380
diff
changeset
|
8 fuzz_common_setup(); |
1380 | 9 } |
10 | |
11 static buffer *verifydata; | |
12 | |
13 /* Tests reading a public key and verifying a signature */ | |
14 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | |
15 static int once = 0; | |
16 if (!once) { | |
17 setup_fuzzer(); | |
18 verifydata = buf_new(30); | |
19 buf_putstring(verifydata, "x", 1); | |
20 once = 1; | |
21 } | |
22 | |
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1380
diff
changeset
|
23 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
1380 | 24 return 0; |
25 } | |
26 | |
27 m_malloc_set_epoch(1); | |
28 | |
29 if (setjmp(fuzz.jmp) == 0) { | |
30 sign_key *key = new_sign_key(); | |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
31 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
32 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
33 enum signature_type sigtype; |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
34 if (keytype == DROPBEAR_SIGNKEY_RSA) { |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
35 /* Flip a coin to decide rsa signature type */ |
1688
e01f9ec6d177
Fix untested rsa-sha256 change to fuzzer-verify
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
36 int flag = buf_getbyte(fuzz.input); |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
37 if (flag & 0x01) { |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
38 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
39 } else { |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
40 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
41 } |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
42 } else { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
43 sigtype = signature_type_from_signkey(keytype); |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
44 } |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
45 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { |
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
46 /* The fuzzer is capable of generating keys with a signature to match. |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
47 We don't want false positives if the key is bogus, since a client/server |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
48 wouldn't be trusting a bogus key anyway */ |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
49 int boguskey = 0; |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
50 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
51 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
52 /* So far have seen dss keys with bad p/q/g domain parameters */ |
1655
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
53 int pprime, qprime, trials; |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
54 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p)); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
55 assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
56 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q)); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
57 assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
58 boguskey = !(pprime && qprime); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
59 /* Could also check g**q mod p == 1 */ |
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
60 } |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
61 |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
62 if (!boguskey) { |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
63 printf("Random key/signature managed to verify!\n"); |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
64 abort(); |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
65 } |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
66 |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
67 |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
68 } |
1380 | 69 } |
70 sign_key_free(key); | |
71 m_malloc_free_epoch(1, 0); | |
72 } else { | |
73 m_malloc_free_epoch(1, 1); | |
74 TRACE(("dropbear_exit longjmped")) | |
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
75 /* dropbear_exit jumped here */ |
1380 | 76 } |
77 | |
78 return 0; | |
79 } |