comparison FUZZER-NOTES.md @ 1591:b794d277c6da
fix some links
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 05 Mar 2018 14:14:26 +0800 |
parents | 68d5d8e84a92 |
children | d32bcb5c557d |
1590:68d5d8e84a92 | 1591:b794d277c6da |
---|---|
43 | 43 |
44 When running in fuzzing mode Dropbear uses a [fixed seed](dbrandom.c#L185) | 44 When running in fuzzing mode Dropbear uses a [fixed seed](dbrandom.c#L185) |
45 every time so that failures can be reproduced. | 45 every time so that failures can be reproduced. |
46 | 46 |
47 Since the fuzzer cannot generate valid encrypted input the packet decryption and | 47 Since the fuzzer cannot generate valid encrypted input the packet decryption and |
48 message authentication calls are disabled, see (packet.c)[packet.c]. | 48 message authentication calls are disabled, see [packet.c](packet.c). |
49 MAC failures are set to occur with a low probability to test that error path. | 49 MAC failures are set to occur with a low probability to test that error path. |
50 | 50 |
51 ## Fuzzers | 51 ## Fuzzers |
52 | 52 |
53 Current fuzzers are | 53 Current fuzzers are |
54 | 54 |
55 - fuzzer-preauth - the fuzzer input is treated as a stream of session input. This will | 55 - [fuzzer-preauth](fuzzer-preauth.c) - the fuzzer input is treated as a stream of session input. This will |
56 test key exchange, packet ordering, authentication attempts etc. | 56 test key exchange, packet ordering, authentication attempts etc. |
57 | 57 |
58 - fuzzer-preauth_nomaths - the same as fuzzer-preauth but with asymmetric crypto | 58 - [fuzzer-preauth_nomaths](fuzzer-preauth_nomaths.c) - the same as fuzzer-preauth but with asymmetric crypto |
59 routines replaced with dummies for faster runtime. corpora are shared | 59 routines replaced with dummies for faster runtime. corpora are shared |
60 between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this | 60 between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this |
61 will help fuzzer-preauth too. | 61 will help fuzzer-preauth too. |
62 | 62 |
63 - fuzzer-verify - read a key and signature from fuzzer input and verify that signature. | 63 - [fuzzer-verify](fuzzer-verify.c) - read a key and signature from fuzzer input and verify that signature. |
64 It would not be expected to pass, though some keys with bad parameters are | 64 It would not be expected to pass, though some keys with bad parameters are |
65 able to validate with a trivial signature - extra checks are added for that. | 65 able to validate with a trivial signature - extra checks are added for that. |
66 | 66 |
67 - fuzzer-pubkey - test parsing of an `authorized_keys` line. | 67 - [fuzzer-pubkey](fuzzer-pubkey.c) - test parsing of an `authorized_keys` line. |
68 | 68 |
69 - fuzzer-kexdh - test Diffie-Hellman key exchange where the fuzz input is the | 69 - [fuzzer-kexdh](fuzzer-kexdh.c) - test Diffie-Hellman key exchange where the fuzz input is the |
70 public key that would be received over the network. | 70 ephemeral public key that would be received over the network. This is testing `mp_expt_mod()` |
71 and and other libtommath routines. | |
71 | 72 |
72 - fuzzer-kexecdh - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh | 73 - [fuzzer-kexecdh](fuzzer-kexecdh.c) - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh. |
74 This is testing libtommath ECC routines. |
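Review bot: New line 71 in the fuzzer-kexdh item reads "and and other libtommath routines"; drop the doubled "and" so the sentence becomes "This is testing `mp_expt_mod()` and other libtommath routines." The commit message says "fix some links", but the fuzzer-kexdh and fuzzer-kexecdh items also gain new descriptive text (the word "ephemeral" and the two "This is testing ..." sentences), so either mention that in the message or move the wording changes into their own commit.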