Mercurial > dropbear
annotate fuzz/fuzzer-kexcurve25519.c @ 1857:6022df862942
Use DSCP for IP QoS traffic classes
The previous TOS values are deprecated and not used by modern traffic
classifiers. This sets AF21 for "interactive" traffic (with a tty).
Non-tty traffic sets AF11 - that indicates high throughput but is not
lowest priority (which would be CS1 or LE).
This differs from the CS1 used by OpenSSH, it lets interactive git over SSH
have higher priority than background least effort traffic. Dropbear's settings
here should be suitable with the diffservs used by CAKE qdisc.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 25 Jan 2022 17:32:20 +0800 |
| parents | 0cc85b4a4abb |
| children |
| rev | line source |
|---|---|
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
1 #include "fuzz.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
2 #include "session.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
3 #include "fuzz-wrapfd.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
4 #include "debug.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
5 #include "runopts.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
6 #include "algo.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
7 #include "bignum.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
8 |
|
1772
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
9 static struct key_context* keep_newkeys = NULL; |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
10 /* An arbitrary limit */ |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
11 #define NUM_PARAMS 80 |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
12 static struct kex_curve25519_param *curve25519_params[NUM_PARAMS]; |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
13 |
|
1772
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
14 static void setup() __attribute__((constructor)); |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
15 // Perform initial setup here to avoid hitting timeouts on first run |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
16 static void setup() { |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
17 fuzz_common_setup(); |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
18 fuzz_svr_setup(); |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
19 |
|
1772
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
20 keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
21 keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256"); |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
22 keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519; |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
23 ses.newkeys = keep_newkeys; |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
24 |
|
1772
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
25 /* Pre-generate parameters */ |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
26 int i; |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
27 for (i = 0; i < NUM_PARAMS; i++) { |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
28 curve25519_params[i] = gen_kexcurve25519_param(); |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
29 } |
|
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
30 } |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
31 |
|
1772
0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
32 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
33 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
34 return 0; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
35 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
36 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
37 m_malloc_set_epoch(1); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
38 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
39 if (setjmp(fuzz.jmp) == 0) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
40 /* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
41 with DROPBEAR_KEX_CURVE25519 */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
42 ses.newkeys = keep_newkeys; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
43 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
44 /* Choose from the collection of curve25519 params */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
45 unsigned int e = buf_getint(fuzz.input); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
46 struct kex_curve25519_param *curve25519_param = curve25519_params[e % NUM_PARAMS]; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
47 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
48 buffer * ecdh_qs = buf_getstringbuf(fuzz.input); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
49 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
50 ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
51 kexcurve25519_comb_key(curve25519_param, ecdh_qs, svr_opts.hostkey); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
52 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
53 mp_clear(ses.dh_K); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
54 m_free(ses.dh_K); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
55 buf_free(ecdh_qs); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
56 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
57 buf_free(ses.hash); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
58 buf_free(ses.session_id); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
59 /* kexhashbuf is freed in kexdh_comb_key */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
60 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
61 m_malloc_free_epoch(1, 0); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
62 } else { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
63 m_malloc_free_epoch(1, 1); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
64 TRACE(("dropbear_exit longjmped")) |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
65 /* dropbear_exit jumped here */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
66 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
67 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
68 return 0; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
69 } |