annotate fuzzer-kexdh.c @ 1653:76189c9ffea2

External Public-Key Authentication API (#72) * Implemented dynamic loading of an external plug-in shared library to delegate public key authentication * Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled * Added tags file to the ignore list * Updated API to have the constructor to return function pointers in the plugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear parse and process them * Added -rdynamic to the linker flags when EPKA is enabled * Changed the API to pass a previously created session to the checkPubKey function (created during preauth) * Added documentation to the API * Added parameter addrstring to plugin creation function * Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session) * Changed option string to be a simple char * instead of unsigned char *
author fabriziobertocci <fabriziobertocci@gmail.com>
date Wed, 15 May 2019 09:43:57 -0400
parents a57822db3eac
children
1 #include "fuzz.h"
2 #include "session.h"
3 #include "fuzz-wrapfd.h"
4 #include "debug.h"
5 #include "runopts.h"
6 #include "algo.h"
7 #include "bignum.h"
8
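/* libFuzzer entry point for the server side of the plain (non-EC) DH key
 * exchange. The fuzz input supplies the client's KEXDH_INIT value "e"; the
 * harness then runs the same kexdh_comb_key() path that
 * recv_msg_kexdh_init()/send_msg_kexdh_reply() use with DROPBEAR_KEX_NORMAL_DH.
 *
 * Data/Size: raw fuzz input, handed to fuzz_set_input(). Always returns 0,
 * as libFuzzer requires. The first call additionally performs the one-off
 * server setup and pre-generates the server-side DH parameters.
 *
 * Any dropbear_exit() reached inside the setjmp-protected region longjmps
 * back to fuzz.jmp, so a malformed input ends the iteration rather than the
 * process; the else branch below is where that lands. */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	static int once = 0;
	static struct key_context* keep_newkeys = NULL;
	/* Number of pre-generated server DH parameter sets. Generation happens
	 * on the first call, so the count is limited by the fuzzer timeout for
	 * that run.
	 * TODO move this to the libfuzzer initialiser function instead if the
	 * timeout doesn't apply there.
	 * A block-scoped enum rather than a function-body #define, so the name
	 * does not stay defined for the rest of the translation unit. */
	enum { NUM_PARAMS = 20 };
	static struct kex_dh_param *dh_params[NUM_PARAMS];

	if (!once) {
		fuzz_common_setup();
		fuzz_svr_setup();

		/* One persistent key_context, re-attached to ses on every
		 * iteration. The kex and hostkey algorithms are fixed, so the
		 * only thing the input varies is the client's value "e". */
		keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
		keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "diffie-hellman-group14-sha256");
		keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
		ses.newkeys = keep_newkeys;

		/* Pre-generate the server-side DH parameters; each iteration
		 * picks one of them below instead of paying for gen_kexdh_param()
		 * on every input. */
		int i;
		for (i = 0; i < NUM_PARAMS; i++) {
			dh_params[i] = gen_kexdh_param();
		}

		once = 1;
	}

	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	/* Allocations from here on are tagged with epoch 1; m_malloc_free_epoch()
	 * is called for that epoch at the end of the iteration on both the
	 * normal path and the longjmp path. */
	m_malloc_set_epoch(1);

	if (setjmp(fuzz.jmp) == 0) {
		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply()
		 * with DROPBEAR_KEX_NORMAL_DH */
		ses.newkeys = keep_newkeys;

		/* Choose one of the pre-generated DH parameter sets (this is the
		 * plain-DH fuzzer, not ECDH). The modulo keeps any 32-bit input
		 * value inside the array. */
		unsigned int e = buf_getint(fuzz.input);
		struct kex_dh_param * dh_param = dh_params[e % NUM_PARAMS];

		/* The client's public value "e" is read straight from the fuzz
		 * input. A malformed mpint makes dropbear_exit() longjmp to the
		 * else branch; any range/validity checks on the value of e itself
		 * are presumably done inside kexdh_comb_key(), not here. */
		DEF_MP_INT(dh_e);
		m_mp_init(&dh_e);
		if (buf_getmpint(fuzz.input, &dh_e) != DROPBEAR_SUCCESS) {
			dropbear_exit("Bad kex value");
		}

		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);

		/* Release the shared secret and the client value for this
		 * iteration. */
		mp_clear(ses.dh_K);
		m_free(ses.dh_K);
		mp_clear(&dh_e);

		buf_free(ses.hash);
		buf_free(ses.session_id);
		/* kexhashbuf is freed in kexdh_comb_key */

		m_malloc_free_epoch(1, 0);
	} else {
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		/* dropbear_exit jumped here */
	}

	return 0;
}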