Mercurial > dropbear
annotate fuzzer-kexcurve25519.c @ 1663:c795520269f9
Fallback for key gen without hard link support (#89)
Add a non-atomic fallback for key generation on platforms where link()
is not permitted (such as most stock Android installs) or on filesystems
without hard link support (such as FAT).
| author | Matt Robinson <git@nerdoftheherd.com> |
|---|---|
| date | Sat, 14 Mar 2020 14:37:35 +0000 |
| parents | d32bcb5c557d |
| children |
| rev | line source |
|---|---|
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
1 #include "fuzz.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
2 #include "session.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
3 #include "fuzz-wrapfd.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
4 #include "debug.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
5 #include "runopts.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
6 #include "algo.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
7 #include "bignum.h" |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
8 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
9 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
10 static int once = 0; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
11 static struct key_context* keep_newkeys = NULL; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
12 /* number of generated parameters is limited by the timeout for the first run. |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
13 TODO move this to the libfuzzer initialiser function instead if the timeout |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
14 doesn't apply there */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
15 #define NUM_PARAMS 20 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
16 static struct kex_curve25519_param *curve25519_params[NUM_PARAMS]; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
17 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
18 if (!once) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
19 fuzz_common_setup(); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
20 fuzz_svr_setup(); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
21 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
22 keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
23 keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256"); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
24 keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
25 ses.newkeys = keep_newkeys; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
26 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
27 /* Pre-generate parameters */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
28 int i; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
29 for (i = 0; i < NUM_PARAMS; i++) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
30 curve25519_params[i] = gen_kexcurve25519_param(); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
31 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
32 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
33 once = 1; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
34 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
35 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
36 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
37 return 0; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
38 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
39 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
40 m_malloc_set_epoch(1); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
41 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
42 if (setjmp(fuzz.jmp) == 0) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
43 /* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
44 with DROPBEAR_KEX_CURVE25519 */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
45 ses.newkeys = keep_newkeys; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
46 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
47 /* Choose from the collection of curve25519 params */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
48 unsigned int e = buf_getint(fuzz.input); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
49 struct kex_curve25519_param *curve25519_param = curve25519_params[e % NUM_PARAMS]; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
50 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
51 buffer * ecdh_qs = buf_getstringbuf(fuzz.input); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
52 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
53 ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
54 kexcurve25519_comb_key(curve25519_param, ecdh_qs, svr_opts.hostkey); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
55 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
56 mp_clear(ses.dh_K); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
57 m_free(ses.dh_K); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
58 buf_free(ecdh_qs); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
59 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
60 buf_free(ses.hash); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
61 buf_free(ses.session_id); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
62 /* kexhashbuf is freed in kexdh_comb_key */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
63 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
64 m_malloc_free_epoch(1, 0); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
65 } else { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
66 m_malloc_free_epoch(1, 1); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
67 TRACE(("dropbear_exit longjmped")) |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
68 /* dropbear_exit jumped here */ |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
69 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
70 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
71 return 0; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
diff
changeset
|
72 } |