dropbear: fuzzer-verify.c comparison

comparison fuzzer-verify.c @ 1675:ae41624c2198

split signkey_type and signature_type for RSA sha1 vs sha256

author	Matt Johnston <matt@ucc.asn.au>
date	Sun, 17 May 2020 23:58:31 +0800
parents	f52919ffd3b1
children	d5cdc60db08e

comparison

equal deleted inserted replaced

-:ba6fc7afe1c5
+:ae41624c2198
 	m_malloc_set_epoch(1);
 	if (setjmp(fuzz.jmp) == 0) {
 		sign_key *key = new_sign_key();
-		enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
+		enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY;
-		if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) {
+		if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) {
-			if (buf_verify(fuzz.input, key, verifydata) == DROPBEAR_SUCCESS) {
+			enum signature_type sigtype = (enum signature_type)keytype;
+			if (keytype == DROPBEAR_SIGNKEY_RSA) {
+				/* Flip a coin to decide rsa signature type */
+				int flag = buf_getbyte(fuzz_input);
+				if (flag & 0x01) {
+					sigtype = DROPBEAR_SIGNATURE_RSA_SHA256;
+				} else {
+					sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
+				}
+			}
+			if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) {
 				/* The fuzzer is capable of generating keys with a signature to match.
 				We don't want false positives if the key is bogus, since a client/server
 				wouldn't be trusting a bogus key anyway */
 				int boguskey = 0;
-				if (type == DROPBEAR_SIGNKEY_DSS) {
+				if (keytype == DROPBEAR_SIGNKEY_DSS) {
 					/* So far have seen dss keys with bad p/q/g domain parameters */
 					int pprime, qprime, trials;
 					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p));
 					assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY);
 					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q));

Mercurial > dropbear

comparison fuzzer-verify.c @ 1675:ae41624c2198