Mercurial > dropbear
annotate fuzz/fuzzer-verify.c @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Mar 2022 17:17:23 +0800 |
parents | d5680e12ac33 |
children |
rev | line source |
---|---|
1380 | 1 #include "fuzz.h" |
2 #include "session.h" | |
3 #include "fuzz-wrapfd.h" | |
4 #include "debug.h" | |
1688
e01f9ec6d177
Fix untested rsa-sha256 change to fuzzer-verify
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
5 #include "dss.h" |
1380 | 6 |
7 static void setup_fuzzer(void) { | |
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1380
diff
changeset
|
8 fuzz_common_setup(); |
1380 | 9 } |
10 | |
11 static buffer *verifydata; | |
12 | |
13 /* Tests reading a public key and verifying a signature */ | |
14 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | |
15 static int once = 0; | |
16 if (!once) { | |
17 setup_fuzzer(); | |
18 verifydata = buf_new(30); | |
19 buf_putstring(verifydata, "x", 1); | |
20 once = 1; | |
21 } | |
22 | |
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1380
diff
changeset
|
23 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
1380 | 24 return 0; |
25 } | |
26 | |
27 m_malloc_set_epoch(1); | |
28 | |
29 if (setjmp(fuzz.jmp) == 0) { | |
30 sign_key *key = new_sign_key(); | |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
31 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
32 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
33 enum signature_type sigtype; |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
34 if (keytype == DROPBEAR_SIGNKEY_RSA) { |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
35 /* Flip a coin to decide rsa signature type */ |
1688
e01f9ec6d177
Fix untested rsa-sha256 change to fuzzer-verify
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
36 int flag = buf_getbyte(fuzz.input); |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
37 if (flag & 0x01) { |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
38 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
39 } else { |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
40 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
41 } |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
42 } else { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
43 sigtype = signature_type_from_signkey(keytype); |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
44 } |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
45 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { |
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
46 /* The fuzzer is capable of generating keys with a signature to match. |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
47 We don't want false positives if the key is bogus, since a client/server |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
48 wouldn't be trusting a bogus key anyway */ |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
49 int boguskey = 0; |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
50 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1655
diff
changeset
|
51 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
52 /* So far have seen dss keys with bad p/q/g domain parameters */ |
1655
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
53 int pprime, qprime, trials; |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
54 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p)); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
55 assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
56 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q)); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
57 assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
58 boguskey = !(pprime && qprime); |
f52919ffd3b1
update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79)
Steffen Jaeckel <s_jaeckel@gmx.de>
parents:
1559
diff
changeset
|
59 /* Could also check g**q mod p == 1 */ |
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
60 } |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
61 |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
62 if (!boguskey) { |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
63 printf("Random key/signature managed to verify!\n"); |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
64 abort(); |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
65 } |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
66 |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
67 |
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1456
diff
changeset
|
68 } |
1380 | 69 } |
70 sign_key_free(key); | |
71 m_malloc_free_epoch(1, 0); | |
72 } else { | |
73 m_malloc_free_epoch(1, 1); | |
74 TRACE(("dropbear_exit longjmped")) | |
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
75 /* dropbear_exit jumped here */ |
1380 | 76 } |
77 | |
78 return 0; | |
79 } |