comparison fuzzer-verify.c @ 1529:66a1a2547133 fuzz

The fuzzer has managed to generated DSS key/signature pairs that verify. Avoid false positives from bogus keys that wouldn't be used
author Matt Johnston <matt@ucc.asn.au>
date Wed, 21 Feb 2018 21:49:24 +0800
parents a90fdd2d2ed8
children 92c93b4a3646
comparison
equal deleted inserted replaced
1528:b9e4fd5a0e72 1529:66a1a2547133
27 27
28 if (setjmp(fuzz.jmp) == 0) { 28 if (setjmp(fuzz.jmp) == 0) {
29 sign_key *key = new_sign_key(); 29 sign_key *key = new_sign_key();
30 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; 30 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
31 if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) { 31 if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) {
32 /* Don't expect random fuzz input to verify */ 32 if (buf_verify(fuzz.input, key, verifydata) == DROPBEAR_SUCCESS) {
33 assert(buf_verify(fuzz.input, key, verifydata) == DROPBEAR_FAILURE); 33 /* The fuzzer is capable of generating keys with a signature to match.
34 We don't want false positives if the key is bogus, since a client/server
35 wouldn't be trusting a bogus key anyway */
36 int boguskey = 0;
37
38 if (type == DROPBEAR_SIGNKEY_DSS) {
39 /* So far have seen dss keys with bad p/q/g domain parameters */
40 int pprime, qprime;
41 assert(mp_prime_is_prime(key->dsskey->p, 5, &pprime) == MP_OKAY);
42 assert(mp_prime_is_prime(key->dsskey->q, 18, &qprime) == MP_OKAY);
43 boguskey = !(pprime && qprime);
44 /* Could also check g**q mod p == 1 */
45 }
46
47 if (!boguskey) {
48 printf("Random key/signature managed to verify!\n");
49 abort();
50 }
51
52
53 }
34 } 54 }
35 sign_key_free(key); 55 sign_key_free(key);
36 m_malloc_free_epoch(1, 0); 56 m_malloc_free_epoch(1, 0);
37 } else { 57 } else {
38 m_malloc_free_epoch(1, 1); 58 m_malloc_free_epoch(1, 1);